Home > Vulnerability Database > CVE-2023-39528

Mend.io Vulnerability Database

CVE-2023-39528

Date: August 7, 2023

PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, the "displayAjaxEmailHTML" method can be used to read any file on the server, potentially even outside of the project if the server is not correctly configured. Version 8.1.1 contains a patch for this issue. There are no known workarounds.

Language: PHP

Severity Score

6.8

Related Resources (5)

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-39528

Url: https://github.com/PrestaShop/PrestaShop

Url: https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-hpf4-v7v2-95p2

Url: https://github.com/PrestaShop/PrestaShop/commit/11de3a84322fa4ecd0995ac40d575db61804724c

Url: https://www.mend.io/vulnerability-database/CVE-2023-39528

Severity Score

6.8

Weakness Type (CWE)

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-22

CVSS v3.1

Base Score:	6.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-39528

Date: August 7, 2023

Language: PHP

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?