CVE-2024-34990 Information
Jun 20, 2024
cve
Description
In the module \Help Desk - Customer Support Management System\ (helpdesk) up to version 2.4.0 from FME Modules for PrestaShop a customer can upload .php files. Methods HelpdeskHelpdeskModuleFrontController::submitTicket() and HelpdeskHelpdeskModuleFrontController::replyTicket() allow upload of .php files on a predictable path for connected customers.
Reference
https://github.com/friends-of-presta/security-advisories/blob/main/_posts/2024-06-18-helpdesk.md
Share on: