CVE-2023-39528 Information

Description

PrestaShop is an open source e-commerce web application. Prior to version 8.1.1 the displayAjaxEmailHTML method can be used to read any file on the server potentially even outside of the project if the server is not correctly configured. Version 8.1.1 contains a patch for this issue. There are no known workarounds.

Reference

https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-hpf4-v7v2-95p2 https://github.com/PrestaShop/PrestaShop/commit/11de3a84322fa4ecd0995ac40d575db61804724c