Aug. 7, 2023, 9:15 p.m. |

National Vulnerability Database web.nvd.nist.gov

PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, the `displayAjaxEmailHTML` method can be used to read any file on the server, potentially even outside of the project if the server is not correctly configured. Version 8.1.1 contains a patch for this issue. There are no known workarounds.

application commerce cve e-commerce file issue open source patch prestashop project server version web web application

Information Security Engineers

@ D. E. Shaw Research | New York City

Technology Security Analyst

@ Halton Region | Oakville, Ontario, Canada

Senior Cyber Security Analyst

@ Valley Water | San Jose, CA

Brand Experience and Development Associate (Libby's Pumpkin)

@ Nestlé | Arlington, VA, US, 22209

Cybersecurity Analyst

@ L&T Technology Services | Milpitas, CA, US

Information Security Analyst

@ Fortinet | Burnaby, BC, Canada