Описание
PrestaShop file deletion via CustomerMessage
Impact
It is possible to delete files from the server via the CustomerMessage API
Patches
8.1.1
Found by
Kto94 (via Yeswehack)
Workarounds
none
References
none
Пакеты
Наименование
prestashop/prestashop
composer
Затронутые версииВерсия исправления
<= 8.1.0
8.1.1
Связанные уязвимости
CVSS3: 6.5
nvd
больше 2 лет назад
PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, it is possible to delete files from the server via the CustomerMessage API. Version 8.1.1 contains a patch for this issue. There are no known workarounds.