Advisory Database
  • Advisories
  • Dependency Scanning
  1. composer
  2. ›
  3. prestashop/prestashop
  4. ›
  5. CVE-2023-39528

CVE-2023-39528: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

August 9, 2023 (updated August 10, 2023)

PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, the displayAjaxEmailHTML method can be used to read any file on the server, potentially even outside of the project if the server is not correctly configured. Version 8.1.1 contains a patch for this issue. There are no known workarounds.

References

  • github.com/PrestaShop/PrestaShop/commit/11de3a84322fa4ecd0995ac40d575db61804724c
  • github.com/PrestaShop/PrestaShop/security/advisories/GHSA-hpf4-v7v2-95p2
  • github.com/advisories/GHSA-hpf4-v7v2-95p2
  • nvd.nist.gov/vuln/detail/CVE-2023-39528

Code Behaviors & Features

Detect and mitigate CVE-2023-39528 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →

Affected versions

All versions up to 8.1.0

Fixed versions

  • 8.1.1

Solution

Upgrade to version 8.1.1 or above.

Impact 8.6 HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Learn more about CVSS

Weakness

  • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Source file

packagist/prestashop/prestashop/CVE-2023-39528.yml

Spotted a mistake? Edit the file on GitLab.

  • Site Repo
  • About GitLab
  • Terms
  • Privacy Statement
  • Contact

Page generated Wed, 14 May 2025 12:15:07 +0000.