CVE-2024-41651

An issue in Prestashop v.8.1.7 and before allows a remote attacker to execute arbitrary code via the module upgrade functionality. NOTE: this is disputed by multiple parties, who report that exploitation requires that an attacker be able to hijack network requests made by an admin user (who, by design, is allowed to change the code that is running on the server).

Published: Aug 12, 2024
Updated: May 4, 2025
CVE: CVE-2024-41651
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.1
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-918

Affected Software
References

Software	From	Fixed in
prestashop / prestashop	-	8.1.7.x

https://github.com/Fckroun/CVE-2024-41651/tree/main

Vulnerability Database

289,784

CVE-2024-41651