Headline
CVE-2023-39528: Reading a file through path traversal
PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, the displayAjaxEmailHTML method can be used to read any file on the server, potentially even outside of the project if the server is not correctly configured. Version 8.1.1 contains a patch for this issue. There are no known workarounds.
Package
prestashop/prestashop (Composer)
Affected versions
<= 8.1.0
Description
Impact
The displayAjaxEmailHTML method can be used to read any file on the server, potentially even outside of the project if the server is not correctly configured.
Patches
8.1.1
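Since the advisory lists no workaround, the practical check is whether a deployment is still at or below 8.1.0. The following is an added example, not code from PrestaShop or from the advisory. It assumes the shop is recorded as a Composer package in a composer.lock file; the function names and the sample lock content are constructed for illustration.

```python
import json
import re

PACKAGE = "prestashop/prestashop"  # package name as given in the advisory
FIXED = (8, 1, 1)                  # first patched version per the advisory


def classify(version):
    """Map a Composer version string to 'affected', 'patched' or 'unknown'."""
    m = re.match(r"^v?(\d+(?:\.\d+)*)(?:-(.+))?$", version.strip())
    if not m:
        return "unknown"   # branch aliases such as dev-* cannot be ordered
    core = tuple(int(part) for part in m.group(1).split("."))
    if core < FIXED:
        return "affected"  # covers 8.1.0 and four-part 1.7.x.y versions
    if core == FIXED and m.group(2):
        return "unknown"   # pre-release of the fixed version: verify by hand
    return "patched"


def audit_lock(lock_text):
    """Return (version, status) for the PrestaShop entry, or (None, 'absent')."""
    lock = json.loads(lock_text)
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section) or []:
            if pkg.get("name", "").lower() == PACKAGE:
                version = pkg.get("version", "")
                return version, classify(version)
    return None, "absent"


# Constructed sample input, not taken from a real installation.
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "example/other-package", "version": "v1.0.0"},
        {"name": "prestashop/prestashop", "version": "8.1.0"},
    ],
    "packages-dev": [],
})

if __name__ == "__main__":
    print(audit_lock(SAMPLE_LOCK))
    for v in ("v1.7.8.10", "8.1.1-rc.1", "8.1.1", "dev-develop"):
        print(v, classify(v))
```

A result of "unknown" means the version string cannot be ordered against 8.1.1 and the deployed code should be checked directly.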
Found by
Aleksey Solovev (Positive Technologies)
Workarounds
References