Описание
PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, in the back office, files can be compromised using path traversal by replaying the import file deletion query with a specified file path that uses the traversal path. Version 8.1.1 contains a patch for this issue. There are no known workarounds.
Ссылки
- Patch
- Vendor Advisory
- Patch
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 8.1.1 (исключая)
cpe:2.3:a:prestashop:prestashop:*:*:*:*:*:*:*:*
EPSS
Процентиль: 79%
0.01214
Низкий
6.5 Medium
CVSS3
9.1 Critical
CVSS3
Дефекты
CWE-22
Связанные уязвимости
EPSS
Процентиль: 79%
0.01214
Низкий
6.5 Medium
CVSS3
9.1 Critical
CVSS3
Дефекты
CWE-22