Home > Vulnerability Database > CVE-2024-41651

Mend.io Vulnerability Database

CVE-2024-41651

Date: August 11, 2024

An issue in Prestashop v.8.1.7 and before allows a remote attacker to execute arbitrary code via the module upgrade functionality. NOTE: this is disputed by multiple parties, who report that exploitation requires that an attacker be able to hijack network requests made by an admin user (who, by design, is allowed to change the code that is running on the server).

Language: PHP

Severity Score

9.8

Related Resources (3)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-41651

Url: https://github.com/Fckroun/CVE-2024-41651/tree/main

Url: https://www.mend.io/vulnerability-database/CVE-2024-41651

Severity Score

9.8

Weakness Type (CWE)

Code Injection

CWE-94

Server-Side Request Forgery (SSRF)

CWE-918

CVSS v3.1

Base Score:	9.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-41651

Date: August 11, 2024

Language: PHP

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?