Lucene search
Veracode Vulnerability DatabaseVERACODE:42658HistoryAug 09, 2023 - 7:45 a.m.
Improper Input Validation
2023-08-0907:45:35
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
7
prestashop
vulnerability
delete function
attachment.php
improper input validation
arbitrary files
9.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
0.0005 Low
EPSS
Percentile
17.4%
prestashop/prestashop is vulnerable to Improper Input Validation. The vulnerability exists in the delete function of Attachment.php because the file parameter is not properly handled which allows an attacker to delete arbitrary files.
| CPE | Name | Operator | Version |
|---|---|---|---|
| prestashop/prestashop | le | 8.1.0 | |
| prestashop/prestashop | le | 8.1.0 |
Related
prion
prion
Code injection
2023-08-07 21:15:00
osv
osv
PrestaShop file deletion via attachment API
2023-08-09 14:38:46
BIT-prestashop-2023-39529
2024-03-06 11:03:12
CVE-2023-39529
2023-08-07 21:15:10
github
github
PrestaShop file deletion via attachment API
2023-08-09 14:38:46
cvelist
cvelist
CVE-2023-39529 PrestaShop vulnerable to file deletion via attachment API
2023-08-07 20:37:15
nvd
nvd
CVE-2023-39529
2023-08-07 21:15:10
cve
cve
CVE-2023-39529
2023-08-07 21:15:10
9.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
0.0005 Low
EPSS
Percentile
17.4%
Related for VERACODE:42658