CVE-2018-10942 PoC — PrestaShop Attribute Wizard addon 安全漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2018/CVE-2018-10942.yaml

Associated Vulnerability

Title:PrestaShop Attribute Wizard addon 安全漏洞 (CVE-2018-10942)
Description:PrestaShop是美国PrestaShop公司的一套开源的电子商务解决方案。该方案提供多种支付方式、短消息提醒和商品图片缩放等功能。Attribute Wizard addon是其中的一个商品属性添加模块。 PrestaShop 1.4.0.1版本至1.6.1.18版本中的Attribute Wizard addon 1.6.9版本的modules/attributewizardpro/file_upload.php文件存在安全漏洞。远程攻击者可通过上传.phtml文件利用该漏洞执行任意代码。

Description

In the Attribute Wizard addon 1.6.9 for PrestaShop allows remote attackers to execute arbitrary code by uploading a php file.

File Snapshot


 id: CVE-2018-10942

info:
  name: Prestashop AttributeWizardPro Module - Arbitrary File Upload
  aut

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!