CVE-2023-39528

Name of the Vulnerable Software and Affected Versions PrestaShop versions prior to 8.1.1

Description The issue concerns the displayAjaxEmailHTML method, which can be used to read any file on the server, potentially even outside of the project if the server is not correctly configured. This could potentially lead to a Remote Code Execution (RCE) vulnerability when combined with the Deserialization of Untrusted Data.

Recommendations For PrestaShop versions prior to 8.1.1, update to version 8.1.1 to resolve the issue. As a temporary workaround, consider restricting access to the displayAjaxEmailHTML method until the patch is applied.