Описание
PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, the displayAjaxEmailHTML method can be used to read any file on the server, potentially even outside of the project if the server is not correctly configured. Version 8.1.1 contains a patch for this issue. There are no known workarounds.
Ссылки
- Patch
- Vendor Advisory
- Patch
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 8.1.1 (исключая)
cpe:2.3:a:prestashop:prestashop:*:*:*:*:*:*:*:*
EPSS
Процентиль: 69%
0.006
Низкий
6.8 Medium
CVSS3
8.6 High
CVSS3
Дефекты
CWE-22
Связанные уязвимости
EPSS
Процентиль: 69%
0.006
Низкий
6.8 Medium
CVSS3
8.6 High
CVSS3
Дефекты
CWE-22