Kto94

Pesquisador deYeswehack
#19794de 53,635
13.2CVSS total
Vulnerabilidades · 2
Média
2
PT-2023-27000
6.7
2023-08-07
Unknown · Prestashop · CVE-2023-39529
**Name of the Vulnerable Software and Affected Versions** PrestaShop versions prior to 8.1.1 **Description** The issue allows an attacker to delete a file from the server by utilizing the Attachments controller and the Attachments API. There are no known workarounds for this issue. **Recommendations** For PrestaShop versions prior to 8.1.1, update to version 8.1.1 to resolve the issue. As a temporary workaround, consider restricting access to the Attachments controller and the Attachments API until the update is applied.
PT-2023-27001
6.5
2023-08-07
Unknown · Prestashop · CVE-2023-39530
**Name of the Vulnerable Software and Affected Versions** PrestaShop versions prior to 8.1.1 **Description** The issue allows deletion of files from the server via the `CustomerMessage` API. There are no known workarounds for this problem. **Recommendations** For versions prior to 8.1.1, update to version 8.1.1 to resolve the issue. As a temporary workaround, consider restricting access to the `CustomerMessage` API until the update is applied.