Lucene search
GoogleOSV:GHSA-2RF5-3FW8-QM47HistoryAug 09, 2023 - 2:38 p.m.
PrestaShop file deletion via attachment API
2023-08-0914:38:46
Google
osv.dev
13
prestashop
file deletion
attachments
api
impact
server
patch
8.1.1
discovered
kto94
9.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
0.0005 Low
EPSS
Percentile
17.4%
Impact
It is possible to delete a file from the server by using the Attachments controller and the Attachments API.
Patches
8.1.1
Found by
Kto94 (via Yeswehack)
Workarounds
none
References
none
Related
prion
prion
Code injection
2023-08-07 21:15:00
github
github
PrestaShop file deletion via attachment API
2023-08-09 14:38:46
cvelist
cvelist
CVE-2023-39529 PrestaShop vulnerable to file deletion via attachment API
2023-08-07 20:37:15
nvd
nvd
CVE-2023-39529
2023-08-07 21:15:10
osv
osv
BIT-prestashop-2023-39529
2024-03-06 11:03:12
CVE-2023-39529
2023-08-07 21:15:10
veracode
veracode
Improper Input Validation
2023-08-09 07:45:35
cve
cve
CVE-2023-39529
2023-08-07 21:15:10
9.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
0.0005 Low
EPSS
Percentile
17.4%
Related for OSV:GHSA-2RF5-3FW8-QM47