CVE-2024-33836 – In the module “JA Marketplace” (jamarketplace) up

CVE ID : CVE-2024-33836

Published : June 19, 2024, 9:15 p.m. | 1 hour, 4 minutes ago

Description : In the module “JA Marketplace” (jamarketplace) up to version 9.0.1 from JA Module for PrestaShop, a guest can upload files with extensions .php. In version 6.X, the method `JmarketplaceproductModuleFrontController::init()` and in version 8.X, the method `JmarketplaceSellerproductModuleFrontController::init()` allow upload of .php files, which will lead to a critical vulnerability.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…CVE ID : CVE-2024-33836

Published : June 19, 2024, 9:15 p.m. | 1 hour, 4 minutes ago

Description : In the module “JA Marketplace” (jamarketplace) up to version 9.0.1 from JA Module for PrestaShop, a guest can upload files with extensions .php. In version 6.X, the method `JmarketplaceproductModuleFrontController::init()` and in version 8.X, the method `JmarketplaceSellerproductModuleFrontController::init()` allow upload of .php files, which will lead to a critical vulnerability.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…