Description
PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, the `displayAjaxEmailHTML` method can be used to read any file on the server, potentially even outside of the project if the server is not correctly configured. Version 8.1.1 contains a patch for this issue. There are no known workarounds.