CVE-2023-39525

CVSS 3.1 Score 9.1 of 10 (high)

Details

Published Aug 7, 2023

Updated: Aug 10, 2023

CWE ID 22

Summary

CVE-2023-39525 is a vulnerability affecting PrestaShop, an open-source e-commerce web application. Prior to version 8.1.1, the application's back office was susceptible to file compromise due to a path traversal issue. Attackers could manipulate a file import deletion query to access and modify files outside the intended directory. Version 8.1.1 includes a patch to address this vulnerability, which was implemented to prevent such traversal attacks. There are currently no known workarounds for this issue.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Prestashop E-Commerce Solution

Affected Vendors

PrestaShop

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sNkb3S
https://www.cve.org/CVERecord?id=CVE-2023-39525
https://nvd.nist.gov/vuln/detail/CVE-2023-39525

Back to Vulnerability Database