Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
PrestaShop vulnerable to file deletion via attachment API
Vulnerability Description
PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, it is possible to delete a file from the server by using the Attachments controller and the Attachments API. Version 8.1.1 contains a patch for this issue. There are no known workarounds.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H
Vulnerability Type
输入验证不恰当
Vulnerability Title
PrestaShop 输入验证错误漏洞
Vulnerability Description
PrestaShop是美国PrestaShop公司的一套开源的电子商务解决方案。该方案提供多种支付方式、短消息提醒和商品图片缩放等功能。 PrestaShop 8.1.1之前版本存在输入验证错误漏洞,该漏洞源于允许攻击者通过Attachments controller和Attachments API从服务器中删除文件。
CVSS Information
N/A
Vulnerability Type
N/A