mukareste Posted November 23, 2012 Share Posted November 23, 2012 Prestadesigner are shipping vulnerable modules and refuse to fix them, saying that since the vulnerability is in the backoffice, everything is OK. There is a security issue in the Slide Show Home Block. It allows an authenticated user to upload PHP scripts using multiple extensions, e.g. webshell.php.gif While it is true that access to the module configuration is required to exploit this issue, users of the application should not have the ability to upload files which, depending on the server configuration, would give them shell access and command execution on the server. 1 Link to comment Share on other sites More sharing options...
shacker Posted November 28, 2012 Share Posted November 28, 2012 have you reported to prestastore.com? Link to comment Share on other sites More sharing options...
Recommended Posts