CVE-2024-25842

EUVD-2024-23149
An issue was discovered in Presta World "Account Manager - Sales Representative & Dealers - CRM" (prestasalesmanager) module for PrestaShop before version 9.0, allows remote attackers to escalate privilege and obtain sensitive information via the uploadLogo() and postProcess methods.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 24%
Affected Products (NVD)
VendorProductVersion
prestaworldaccount_manager
𝑥
< 9.0.0
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
prestaworldprestasalesmanager
𝑥
< 9.0
ADP
Common Weakness Enumeration
References
https://github.com/friends-of-presta/security-advisories/blob/main/_posts/2024-02-29-prestasalesmanager.md
https://github.com/friends-of-presta/security-advisories/blob/main/_posts/2024-02-29-prestasalesmanager.md