PT-2024-13851 · Prestashop · Prestashop M4 Pdf Extensions Module
Published
2024-06-24
·
Updated
2024-07-03
·
CVE-2023-50029
CVSS v3.1
10
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
PrestaShop M4 PDF Extensions module versions up to 3.3.2
Description
The issue allows attackers to run arbitrary code via the M4PDF::saveTemplate() method, potentially leading to code injection attacks. This could enable malicious activities, such as unauthorized data access or modification.
Recommendations
For PrestaShop M4 PDF Extensions module versions up to 3.3.2, consider disabling the M4PDF::saveTemplate() method until a patch is available to prevent potential code injection attacks. Restrict access to the module to minimize the risk of exploitation.
Fix
Code Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Prestashop M4 Pdf Extensions Module