CVE-2024-33836

Name of the Vulnerable Software and Affected Versions JA Marketplace module for PrestaShop versions up to 9.0.1

Description The issue allows a guest to upload files with .php extensions, leading to a critical vulnerability. In version 6.X, the method JmarketplaceproductModuleFrontController::init() and in version 8.X, the method JmarketplaceSellerproductModuleFrontController::init() are vulnerable to upload of .php files.

Recommendations For versions up to 9.0.1, consider disabling the JmarketplaceproductModuleFrontController::init() function in version 6.X and the JmarketplaceSellerproductModuleFrontController::init() function in version 8.X as a temporary workaround to prevent the upload of .php files. At the moment, there is no information about a newer version that contains a fix for this vulnerability.