PT-2024-29483 · Unknown · Prestashop

Published 2024-08-12 · Updated 2024-10-09 · CVE-2024-41651

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Prestashop versions 8.1.7 and earlier

Description: An issue in Prestashop allows a remote attacker to execute arbitrary code via the module upgrade functionality. The CVE is disputed by multiple parties, who report that exploitation requires the attacker to first hijack network requests made by an admin user, and that an admin user is allowed to change the code running on the server by design; under that reading the issue does not cross a privilege boundary and the published 9.8 score overstates it.

Recommendations: For Prestashop versions 8.1.7 and earlier, consider disabling the module upgrade functionality until a fixed release is available, and restrict the module upgrade feature to the administrators who need it. Because the reported attack path depends on tampering with the admin user's network requests, keep back-office sessions and module downloads off untrusted networks. At the time of writing there is no information about a newer version that contains a fix for this vulnerability.

Exploit · SSRF · Code Injection

Weakness Enumeration

Related Identifiers
BIT-PRESTASHOP-2024-41651
CVE-2024-41651

Affected Products
Prestashop