CVE-2024-41651
moderate-risk
Published 2024-08-12
An issue in Prestashop v.8.1.7 and before allows a remote attacker to execute arbitrary code via the module upgrade functionality. NOTE: this is disputed by multiple parties, who report that exploitation requires that an attacker be able to hijack network requests made by an admin user (who, by design, is allowed to change the code that is running on the server).
Do I need to act?
!
32.3% chance of exploitation in next 30 days
EPSS score — higher than 68% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.1/10
High
NETWORK
/ HIGH complexity
Affected Products (1)
Affected Vendors
References (1)
45
/ 100
moderate-risk
Severity
24/34 · High
Exploitability
16/34 · Moderate
Exposure
5/34 · Minimal