Prestashop: >> Prestashop >> 8.1.0 Security Vulnerabilities
PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, the `displayAjaxEmailHTML` method can be used to read any file on the server, potentially even outside of the project if the server is not correctly configured. Version 8.1.1 contains a patch for this issue. There are no known workarounds.
CVSS Score
6.8
EPSS Score
0.004
Published
2023-08-07
PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, it is possible to delete a file from the server by using the Attachments controller and the Attachments API. Version 8.1.1 contains a patch for this issue. There are no known workarounds.
CVSS Score
6.7
EPSS Score
0.005
Published
2023-08-07
PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, it is possible to delete files from the server via the CustomerMessage API. Version 8.1.1 contains a patch for this issue. There are no known workarounds.
CVSS Score
6.5
EPSS Score
0.005
Published
2023-08-07
PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, SQL injection possible in the product search field, in BO's product page. Version 8.1.1 contains a patch for this issue. There are no known workarounds.
CVSS Score
6.7
EPSS Score
0.003
Published
2023-08-07
Page 2