### Vulnerability Information

- **EDB-ID**: 45964
- **CVE**:
  - CVE-2018-19126
  - CVE-2018-19125
- **Author**: FARISKHI VIDYAN
- **Type**: WEBAPPS
- **Platform**: PHP
- **Date**: 2018-12-11
- **Vulnerable App**: PrestaShop 1.6.x / 1.7.x

### Vulnerability Description

- **Vulnerability Name**: PrestaShop 1.6.x/1.7.x - Remote Code Execution
- **Affected Versions**: PrestaShop 1.6.x <= 1.6.1.23 & 1.7.x <= 1.7.4.4
- **Vulnerability Type**: Remote Code Execution
- **Exploitation Method**: Triggered via PHAR deserialization
- **Prerequisites**:
  - PrestaShop 1.6.x prior to 1.6.1.23 or 1.7.x prior to 1.7.4.4
  - Requires a back-office account (e.g., logistics, translation, sales staff)

### Code Example

```sh
php exploit.php back-office-url email password func param
```

### Additional Information

- **Vendor Homepage**: https://www.prestashop.com/
- **Vulnerable Package Link**: https://assets.prestashop2.com/en/system/files/ps_releases/prestashop_1.7.4.3.zip
- **Exploit Script**: Full PHP code provided to demonstrate exploitation

### Notes

- For educational purposes only. Do not use for illegal activities.
- Author is not responsible for any misuse or damage.