Arbitrary Code Execution via File Upload in RESET.PRO Adobe Stock API Integration 4.8 for PrestaShop

Arbitrary Code Execution via File Upload in RESET.PRO Adobe Stock API Integration 4.8 for PrestaShop

CVE-2019-19595 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

reset/modules/advanced_form_maker_edit/multiupload/upload.php in the RESET.PRO Adobe Stock API integration 4.8 for PrestaShop allows remote attackers to execute arbitrary code by uploading a .php file.

Learn more about our Api Penetration Testing.