First published: Mon Aug 07 2023
### Impact

In the back office, files can be compromised using path traversal by replaying the import file deletion query with a specified file path, using a traversal path.

### Patches

8.1.1

### Found by

Aleksey Solovev (Positive Technologies)

### Workarounds

none

### References

none

Credit: security-advisories@github.com
Affected Software | Affected Version | How to fix |
---|---|---|
Prestashop Prestashop | <8.1.1 | Upgrade to 8.1.1 |
In the back office of PrestaShop, files can be compromised using path traversal, allowing an attacker to replay an import file deletion query with a specified file path.
CVE-2023-39525 has a severity rating of 9.1 (Critical).
An attacker can exploit CVE-2023-39525 by manipulating the import file deletion query and using a traversal path to compromise files in the PrestaShop back office.
Version 8.1.1 of PrestaShop contains a patch for CVE-2023-39525.
You can find more information about CVE-2023-39525 on the GitHub Security Advisory, the NIST National Vulnerability Database, and the GitHub commit page.
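
As an added example (not PrestaShop's code and not the 8.1.1 patch), this PHP sketch shows one way a file deletion handler can confine a user-supplied file name to its import directory before calling `unlink()`. The function names and the temporary directory layout are hypothetical and constructed for the demonstration.

```php
<?php
declare(strict_types=1);

/**
 * Resolve a user-supplied name to a regular file inside $importDir, or null.
 * Hypothetical helper for illustration; not part of PrestaShop.
 */
function resolveInsideImportDir(string $importDir, string $requested): ?string
{
    $base = realpath($importDir);
    // Reject a missing base directory, empty names and embedded NUL bytes.
    if ($base === false || $requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    // realpath() collapses "..", "." and symlinks; it returns false if the path does not exist.
    $target = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($target === false || !is_file($target)) {
        return null;
    }
    // Compare against the base plus a trailing separator, so a sibling such as
    // "/import_backup" is not accepted as being inside "/import".
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $target;
}

/** Delete a file only if it resolves to a location inside the import directory. */
function deleteImportFile(string $importDir, string $requested): bool
{
    $target = resolveInsideImportDir($importDir, $requested);
    return $target !== null && unlink($target);
}

// Constructed demo tree: one import file, and one file outside the import directory.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'import_demo_' . bin2hex(random_bytes(4));
mkdir($root . '/import', 0700, true);
file_put_contents($root . '/import/products.csv', "id;name\n");
file_put_contents($root . '/settings.php', "<?php // must survive\n");

var_dump(deleteImportFile($root . '/import', '../settings.php')); // traversal path is rejected
var_dump(file_exists($root . '/settings.php'));                   // file outside the directory is untouched
var_dump(deleteImportFile($root . '/import', 'products.csv'));    // legitimate import file is deleted

// Clean up the constructed demo tree.
unlink($root . '/settings.php');
rmdir($root . '/import');
rmdir($root);
```

The check runs on the canonicalised path rather than on the raw string, so encoded or nested traversal sequences that survive input filtering are still caught once the path is resolved.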