File deletion via CustomerMessage

Moderate

matthieu-rolland published GHSA-v4gr-v679-42p7

Aug 7, 2023

Package

prestashop/prestashop (Composer)

Affected versions

<= 8.1.0

Patched versions

8.1.1

Description

Impact

It is possible to delete files from the server via the CustomerMessage API

Patches

8.1.1

Found by

Kto94 (via Yeswehack)

Workarounds

none

References

none

Severity

Moderate

6.5

/ 10

CVSS base metrics

Attack vector

Network

Attack complexity

Low

Privileges required

High

User interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

High

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H