Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
PrestaShop Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability - CVE-2023-39528 - Vulnerability Database
PrestaShop

PrestaShop Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability - CVE-2023-39528

High
Reference: CVE-2023-39528
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2023-39528
Title: PrestaShop Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability
Overview:

PrestaShop is an open source e-commerce web application. Prior to version 8.1.1 the displayAjaxEmailHTML method can be used to read any file on the server potentially even outside of the project if the server is not correctly configured. Version 8.1.1 contains a patch for this issue. There are no known workarounds.