Description
PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, the `displayAjaxEmailHTML` method can be used to read any file on the server, potentially even outside of the project if the server is not correctly configured. Version 8.1.1 contains a patch for this issue. There are no known workarounds.
Remediation
References
Related Vulnerabilities
Drupal Core 8.x Multiple Vulnerabilities (8.0.0 - 8.3.3)
PostgreSQL NULL Pointer Dereference Vulnerability (CVE-2016-5423)
MediaWiki Improper Input Validation Vulnerability (CVE-2013-6453)
WordPress Plugin WP Mail Logging Cross-Site Scripting (1.11.1)
WordPress Plugin Elementor Website Builder Arbitrary File Upload (3.18.1)