CVE-2023-39530

MEDIUM6.5EPSS 1.00%

PrestaShop file deletion via CustomerMessage

Published: 8/9/2023Modified: 2/16/2024

Also known as:GHSA-v4gr-v679-42p7BIT-prestashop-2023-39530

Description

### Impact It is possible to delete files from the server via the CustomerMessage API ### Patches 8.1.1 ### Found by Kto94 (via Yeswehack) ### Workarounds none ### References none

Affected packages (2)

Bitnami/prestashopfrom 0, < 8.1.1
Packagist/prestashop/prestashopfrom 0, < 8.1.1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM6.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

References (4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2023-39530
PATCHhttps://github.com/PrestaShop/PrestaShop
WEBhttps://github.com/PrestaShop/PrestaShop/commit/6ce750b2367a7309b6bf50166f1873cb86ad57e9
WEBhttps://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-v4gr-v679-42p7