Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-39525: path traversal: file deletion

PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, in the back office, files can be compromised using path traversal by replaying the import file deletion query with a specified file path that uses the traversal path. Version 8.1.1 contains a patch for this issue. There are no known workarounds.

CVE
Open in Source
#web

Package

composer prestashop/prestashop (Composer)

Affected versions

<= 8.1.0

Description

Impact

In the back office, files can be compromised using path traversal by replaying the import file deletion query with a specified file path, using traversal path.

Patches

8.1.1

Found by

Aleksey Solovev (Positive Technologies)

Workarounds

none

References

none

Related news

GHSA-m9r4-3fg7-pqm2: PrestaShop path traversal

### Impact In the back office, files can be compromised using path traversal by replaying the import file deletion query with a specified file path, using traversal path. ### Patches 8.1.1 ### Found by Aleksey Solovev (Positive Technologies) ### Workarounds none ### References none

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE
CVE-2023-6905
CVE
CVE-2023-6903
CVE
CVE-2023-6904
CVE
CVE-2023-3907
CVE