Arbitrary Code Execution via File Upload in RESET.PRO Adobe Stock API Integration for PrestaShop 1.6 and 1.7

Arbitrary Code Execution via File Upload in RESET.PRO Adobe Stock API Integration for PrestaShop 1.6 and 1.7

CVE-2019-19594 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

reset/modules/fotoliaFoto/multi_upload.php in the RESET.PRO Adobe Stock API Integration for PrestaShop 1.6 and 1.7 allows remote attackers to execute arbitrary code by uploading a .php file.

Learn more about our Api Penetration Testing.