CVE-2018-10942
Published 2018-05-10
Priority: P183 · critical · 9.8 (CVSS 3.0)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 12.74% (95.8th percentile)
modules/attributewizardpro/file_upload.php in the Attribute Wizard addon 1.6.9 for PrestaShop 1.4.0.1 through 1.6.1.18 allows remote attackers to execute arbitrary code by uploading a .phtml file.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| attribute_wizard_project | attribute_wizard | — | — |
Detection & IOCs (extracted from sources)
- path: /modules/attributewizardpro/file_upload.php
- path: /modules/1attributewizardpro/file_upload.php
- path: /modules/attributewizardpro.OLD/file_upload.php
- path: /modules/attributewizardpro_x/file_upload.php
- path: /modules/attributewizardpro/file_uploads/
- Detect POST requests to file_upload.php under any known attributewizardpro module path variants, particularly with multipart/form-data containing a .php or .phtml filename in the Content-Disposition header.
- Monitor for GET requests to the /modules/attributewizardpro/file_uploads/ directory following a POST to file_upload.php, indicating a successful upload and an execution attempt.
- Alert on file uploads with .php or .phtml extensions via the userfile form field to the attributewizardpro module endpoint.
- Check all four known module directory name variants for the vulnerable file_upload.php endpoint: attributewizardpro, 1attributewizardpro, attributewizardpro.OLD, attributewizardpro_x.
- The exploit response from file_upload.php returns the uploaded filename followed by '||||'; use this pattern to confirm successful exploitation.
- The vulnerability affects Attribute Wizard addon version 1.6.9 specifically; the affected PrestaShop version range is 1.4.0.1 through 1.6.1.18.
- No authentication is required to exploit this vulnerability; it is unauthenticated remote code execution via arbitrary file upload.
- The Nuclei template uses stop-at-first-match across four module path variants, meaning only the first matching path is confirmed vulnerable per scan run.
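The detection guidance above can be applied to web server access logs. The following is an added example, not code from this page or from the Nuclei template: it flags POSTs to file_upload.php under the four listed path variants and correlates later GETs for .php/.phtml files in file_uploads/. It assumes combined-format logs and that each variant has its own file_uploads/ directory; the rule names are hypothetical.

```python
import re
from urllib.parse import unquote

# The four module directory variants listed on this page.
VARIANTS = r"(?:attributewizardpro|1attributewizardpro|attributewizardpro\.OLD|attributewizardpro_x)"
UPLOAD_RE = re.compile(rf"^/modules/{VARIANTS}/file_upload\.php(?:\?|$)", re.I)
# Assumption: uploads land in file_uploads/ under every variant
# (the page lists that directory for attributewizardpro only).
FETCH_RE = re.compile(rf"^/modules/{VARIANTS}/file_uploads/[^?]*\.(?:php|phtml)(?:\?|$)", re.I)
# Common/combined log format: ip - - [ts] "METHOD path HTTP/x" status size ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([A-Z]+) (\S+) [^"]*" (\d{3})')

def scan(lines):
    """Return findings as (rule, client_ip, path) tuples, in log order."""
    uploaders = set()   # clients seen POSTing to the upload endpoint
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue    # skip malformed lines instead of failing the scan
        ip, _ts, method, raw_path, status = m.groups()
        path = unquote(raw_path)   # normalise percent-encoding before matching
        # Access logs do not record the Content-Disposition filename, so every
        # POST to the endpoint is reported and the follow-up GET is correlated.
        if method == "POST" and UPLOAD_RE.match(path):
            uploaders.add(ip)
            findings.append(("upload_post", ip, path))
        elif method == "GET" and FETCH_RE.match(path):
            rule = "fetch_after_upload" if ip in uploaders else "script_fetch"
            if status.startswith("2"):
                rule += "_served"   # 2xx: the server answered for that script path
            findings.append((rule, ip, path))
    return findings

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '203.0.113.7 - - [28/Jun/2024:10:00:01 +0000] "POST /modules/attributewizardpro_x/file_upload.php HTTP/1.1" 200 31',
    '203.0.113.7 - - [28/Jun/2024:10:00:02 +0000] "GET /modules/attributewizardpro_x/file_uploads/a1b2c3.phtml HTTP/1.1" 200 12',
    '198.51.100.9 - - [28/Jun/2024:10:05:00 +0000] "GET /modules/attributewizardpro/file_uploads/x.php HTTP/1.1" 404 0',
    '192.0.2.44 - - [28/Jun/2024:10:06:00 +0000] "GET /modules/attributewizardpro/file_uploads/photo.jpg HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

A `fetch_after_upload_served` finding is the one to triage first: the same client uploaded and then received a 2xx response for a script path in the upload directory.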
CVSS provenance
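| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| vulncheck | — | 9.8 | CRITICAL | — |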
GHSA
ghsa_unreviewed · 2022-05-14
CVE-2018-10942 [CRITICAL] CWE-434 GHSA-3r9j-v4r2-2rj9: modules/attributewizardpro/file_upload
VulnCheck
attribute_wizard_project attribute_wizard Unrestricted Upload of File with Dangerous Type
vulncheck·2018·CVSS 9.8
Affected: attribute_wizard_project attribute_wizard
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2024-06-28&host_type=src&vulnerability=cve-2018-10942; https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2024-06-30&host_type=src&vulnerability=cve-2018-10942; https://da
No detection rules found.
Nuclei
Prestashop AttributeWizardPro Module - Arbitrary File Upload
nuclei·CVSS 9.8
CVE-2018-10942 [CRITICAL]
The Attribute Wizard addon 1.6.9 for PrestaShop allows remote attackers to execute arbitrary code by uploading a php file.
Template:
```yaml
id: CVE-2018-10942

info:
  name: Prestashop AttributeWizardPro Module - Arbitrary File Upload
  author: MaStErChO
  severity: critical
  description: |
    In the Attribute Wizard addon 1.6.9 for PrestaShop allows remote attackers to execute arbitrary code by uploading a php file.
  impact: |
    Unauthenticated attackers can upload and execute arbitrary PHP files, leading to complete server compromise, data theft, and potential lateral movement within the network.
  remediation: |
    Remove or update the Attribute Wizard addon to a patched version.
  reference:
    - https://webcache.googleusercontent.com/search?q=cache
```
Greynoiseio
Coordinated Cloud-Based Scanning Operation Targets 75 Known Exposure Points in One Day
blogs_greynoiseio·2025-05-27
Greynoiseio
NoiseLetter April 2024
blogs_greynoiseio