Lucene search
GitHub Advisory DatabaseGHSA-2RF5-3FW8-QM47HistoryAug 09, 2023 - 2:38 p.m.
PrestaShop file deletion via attachment API
2023-08-0914:38:46
CWE-20
GitHub Advisory Database
github.com
16
prestashop
file deletion
attachment api
impact
patches
yeswehack
kto94
server
controller
security
vulnerability
software
9.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
0.0005 Low
EPSS
Percentile
17.4%
Impact
It is possible to delete a file from the server by using the Attachments controller and the Attachments API.
Patches
8.1.1
Found by
Kto94 (via Yeswehack)
Workarounds
none
References
none
Affected configurations
Node
prestashopprestashopRange≤8.1.0
| CPE | Name | Operator | Version |
|---|---|---|---|
| prestashop/prestashop | le | 8.1.0 |
Related
prion
prion
Code injection
2023-08-07 21:15:00
osv
osv
PrestaShop file deletion via attachment API
2023-08-09 14:38:46
BIT-prestashop-2023-39529
2024-03-06 11:03:12
CVE-2023-39529
2023-08-07 21:15:10
cvelist
cvelist
CVE-2023-39529 PrestaShop vulnerable to file deletion via attachment API
2023-08-07 20:37:15
nvd
nvd
CVE-2023-39529
2023-08-07 21:15:10
veracode
veracode
Improper Input Validation
2023-08-09 07:45:35
cve
cve
CVE-2023-39529
2023-08-07 21:15:10
9.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
0.0005 Low
EPSS
Percentile
17.4%
Related for GHSA-2RF5-3FW8-QM47