Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1ocGY0LXY3djItOTVwMs4AA1LY
PrestaShop file access through path traversal
Impact
displayAjaxEmailHTML method can be used to read any file on the server, potentially even outside of the project if the server is not correctly configured.
This vulnerability can be exacerbated when coupled with CWE-502, which pertains to the Deserialization of Untrusted Data. Such a combination could potentially lead to a Remote Code Execution (RCE) vulnerability
Patches
8.1.1
Found by
Aleksey Solovev (Positive Technologies)
Workarounds
References
Permalink: https://github.com/advisories/GHSA-hpf4-v7v2-95p2JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1ocGY0LXY3djItOTVwMs4AA1LY
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 1 year ago
Updated: about 1 year ago
CVSS Score: 6.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N
Identifiers: GHSA-hpf4-v7v2-95p2, CVE-2023-39528
References:
- https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-hpf4-v7v2-95p2
- https://nvd.nist.gov/vuln/detail/CVE-2023-39528
- https://github.com/PrestaShop/PrestaShop/commit/11de3a84322fa4ecd0995ac40d575db61804724c
- https://github.com/advisories/GHSA-hpf4-v7v2-95p2
Blast Radius: 2.0
Affected Packages
packagist:prestashop/prestashop
Dependent packages: 0Dependent repositories: 2
Downloads: 6,159 total
Affected Version Ranges: <= 8.1.0
Fixed in: 8.1.1
All affected versions: 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.1.0
All unaffected versions: 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.2.0