logo

Database

Lack of data validation - Path Traversal In prestashop/prestashop

Description

PrestaShop path traversal

Impact

In the back office, files can be compromised using path traversal by replaying the import file deletion query with a specified file path, using traversal path.

Patches

8.1.1

Found by

Aleksey Solovev (Positive Technologies)

Workarounds

none

References

none

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2023-395252. NVD-2023-395253. OSV-2023-395254. GHSA-m9r4-3fg7-pqm25. GCVE-2023-39525

References

1. https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-m9r4-3fg7-pqm22. https://github.com/PrestaShop/PrestaShop/commit/c7c9a5110421bb2856f4d312ecce192d079b5ec7

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.