Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS12NGdyLXY2NzktNDJwN84AA1La

PrestaShop file deletion via CustomerMessage

Impact

It is possible to delete files from the server via the CustomerMessage API.

Patches

8.1.1

Found by

Kto94 (via Yeswehack)

Workarounds

none

References

none

Permalink: https://github.com/advisories/GHSA-v4gr-v679-42p7
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS12NGdyLXY2NzktNDJwN84AA1La
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 1 year ago
Updated: about 1 year ago


CVSS Score: 6.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

EPSS Percentage: 0.00107
EPSS Percentile: 0.44292

Identifiers: GHSA-v4gr-v679-42p7, CVE-2023-39530
References: Repository: https://github.com/PrestaShop/PrestaShop
Blast Radius: 2.0

Affected Packages

packagist:prestashop/prestashop
Dependent packages: 0
Dependent repositories: 2
Downloads: 6,727 total
Affected Version Ranges: <= 8.1.0
Fixed in: 8.1.1
All affected versions: 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.1.0
All unaffected versions: 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.2.0