In the module "JA Marketplace" (jamarketplace) up to version 9.0.1 from JA Module for PrestaShop, a guest can upload files with extensions .php. In version 6.X, the method `JmarketplaceproductModuleFrontController::init()` and in version 8.X, the method `JmarketplaceSellerproductModuleFrontController::init()` allow upload of .php files, which will lead to a critical vulnerability.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2024-06-19T00:00:00
Updated: 2024-08-02T02:42:58.699Z
Reserved: 2024-04-26T00:00:00
Link: CVE-2024-33836
Vulnrichment
Updated: 2024-08-02T02:42:58.699Z
NVD
Status : Awaiting Analysis
Published: 2024-06-19T21:15:56.920
Modified: 2024-07-03T01:58:58.623
Link: CVE-2024-33836
Redhat
No data.