Описание
PrestaShop file deletion via attachment API
Impact
It is possible to delete a file from the server by using the Attachments controller and the Attachments API.
Patches
8.1.1
Found by
Kto94 (via Yeswehack)
Workarounds
none
References
none
Пакеты
Наименование
prestashop/prestashop
composer
Затронутые версииВерсия исправления
<= 8.1.0
8.1.1
Связанные уязвимости
CVSS3: 6.7
nvd
больше 2 лет назад
PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, it is possible to delete a file from the server by using the Attachments controller and the Attachments API. Version 8.1.1 contains a patch for this issue. There are no known workarounds.