CVE-2024-34990

Published June 19th, 2024

View on NVD ↗

CVSS v3

CRITICAL

CVSS v2

N/A

Affected

PROJECT

Description

In the module "Help Desk - Customer Support Management System" (helpdesk) up to version 2.4.0 from FME Modules for PrestaShop, a customer can upload .php files. Methods `HelpdeskHelpdeskModuleFrontController::submitTicket()` and `HelpdeskHelpdeskModuleFrontController::replyTicket()` allow upload of .php files on a predictable path for connected customers.

friends-of-presta/security-advisories

Security advisories of the FOP security team for prestashop

GitHub