Description
PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, the `displayAjaxEmailHTML` method can be used to read any file on the server, potentially even outside of the project if the server is not correctly configured. Version 8.1.1 contains a patch for this issue. There are no known workarounds.
Remediation
References
Related Vulnerabilities
WordPress Cryptographic Issues Vulnerability (CVE-2014-9037)
WordPress Plugin Social Rocket-Social Sharing Cross-Site Request Forgery (1.2.9)
Drupal Core 9.3.x Security Bypass (9.3.0 - 9.3.15)
Oracle Database Server Other Vulnerability (CVE-2006-0551)
Oracle Database Server CVE-2014-4297 Vulnerability (CVE-2014-4297)