Description

PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, it is possible to delete files from the server via the CustomerMessage API. Version 8.1.1 contains a patch for this issue. There are no known workarounds.

Remediation

References

CVE-2023-39530

Related Vulnerabilities

WordPress Plugin Shortlinks by Pretty Links-Best WordPress Link Tracking Multiple Cross-Site Scripting Vulnerabilities (1.4.56)

Python Uncontrolled Resource Consumption Vulnerability (CVE-2012-0876)

Drupal Core 4.7.x Form Action Attribute Injection (4.7.0 - 4.7.3)

Vanilla Forums Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-8279)

WordPress Plugin Conditional Marketing Mailer for WooCommerce Cross-Site Request Forgery (1.5.2)

Severity

Critical

Classification

CVE-2023-39530 CWE-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Tags

Missing Update Known Vulnerabilities