PT-2023-30314 · Unknown · Prestashop

Matthieu-Rolland · Published 2023-11-08 · Updated 2023-11-16 · CVE-2023-47109

CVSS v3.1: 5.5 Medium

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H

Name of the Vulnerable Software and Affected Versions

PrestaShop versions prior to 5.1.4

Description

The issue affects the blockreassurance module in PrestaShop, which is designed to offer helpful information to reassure customers about the store's trustworthiness. A back-office (BO) user can modify an HTTP request when adding a block in this module, allowing them to specify the path of any file in the project instead of an image. If the block is then deleted from the back-office, the specified file will also be deleted. This could potentially make the website completely unavailable if critical files, such as index.php, are removed.

Recommendations

For PrestaShop versions prior to 5.1.4, update to version 5.1.4 to resolve the issue. As a temporary workaround, consider restricting access to the blockreassurance module to prevent unauthorized file deletion until the update can be applied.
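
The description above comes down to a delete operation that trusts a stored, user-supplied path. The following is an added example, not code from PrestaShop or the blockreassurance module, of a containment check that refuses to delete anything that does not resolve to a file inside the image directory. The function name, directory layout and extension allow-list are assumptions made for illustration.

```php
<?php
// Added example, not PrestaShop or blockreassurance code.
// Hypothetical helper: delete the file a block record points to, but only
// when the stored path resolves to an image inside $imageDir.
function deleteBlockImage(string $storedPath, string $imageDir): bool
{
    // realpath() collapses "../" segments and follows symlinks, so the
    // comparison below is made on the real target, not on the raw string.
    $base   = realpath($imageDir);
    $target = realpath($storedPath);
    if ($base === false || $target === false || !is_file($target)) {
        return false;
    }

    // Containment: the resolved target must sit under the image directory.
    $prefix     = $base . DIRECTORY_SEPARATOR;
    $insideBase = strncmp($target, $prefix, strlen($prefix)) === 0;

    // Defense in depth (assumed allow-list): only image extensions.
    $ext     = strtolower(pathinfo($target, PATHINFO_EXTENSION));
    $isImage = in_array($ext, ['jpg', 'jpeg', 'png', 'gif', 'svg', 'webp'], true);

    if (!$insideBase || !$isImage) {
        // Leave a trace for the back-office audit trail.
        error_log('blocked delete outside image dir: ' . $storedPath);
        return false;
    }
    return unlink($target);
}

// Constructed sample layout in a temporary directory.
$root = sys_get_temp_dir() . '/shop_' . bin2hex(random_bytes(4));
mkdir($root . '/img', 0700, true);
file_put_contents($root . '/index.php', '<?php // constructed sample');
file_put_contents($root . '/img/icon.png', 'constructed sample');

// Tampered value that points at index.php instead of an image.
var_dump(deleteBlockImage($root . '/img/../index.php', $root . '/img'));
var_dump(file_exists($root . '/index.php'));

// Legitimate value inside the image directory.
var_dump(deleteBlockImage($root . '/img/icon.png', $root . '/img'));

// Clean up the constructed sample layout.
unlink($root . '/index.php');
rmdir($root . '/img');
rmdir($root);
```

The same check belongs at the point where the path is first stored, so that a tampered value is rejected when the block is added rather than only when it is deleted.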

Exploit

Fix

Improper Authorization

Weakness Enumeration

Related Identifiers

CVE-2023-47109
GHSA-83J2-QHX2-P7JC

Affected Products

Prestashop