CSRF to RCE bug chain in Prestashop v1.7.6.4 and below
This article is about a CSRF, XSS bug chain that is then escalated to Remote Code Execution as an unauthenticated attacker, in Prestashop (unpatched as of 18/04/2020). When the admin opens a link, the chain gets executed and the server gets pwned. If you are interested in reading…