Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
PrestaShop blockreassurance BO User can remove any file from server when adding a and deleting a block
Vulnerability Description
PrestaShop blockreassurance adds an information block aimed at offering helpful information to reassure customers that the store is trustworthy. When adding a block in blockreassurance module, a BO user can modify the http request and give the path of any file in the project instead of an image. When deleting the block from the BO, the file will be deleted. It is possible to make the website completely unavailable by removing index.php for example. This issue has been patched in version 5.1.4.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H
Vulnerability Type
授权机制不恰当
Vulnerability Title
PrestaShop 授权问题漏洞
Vulnerability Description
PrestaShop是美国PrestaShop公司的一套开源的电子商务解决方案。该方案提供多种支付方式、短消息提醒和商品图片缩放等功能。 PrestaShop blockreassurance 5.1.4之前版本存在授权问题漏洞,该漏洞源于当在blockreassurance模块中添加块时,BO用户可以修改http请求并给出项目中任何文件的路径,当从BO中删除该块时,该文件将被删除。
CVSS Information
N/A
Vulnerability Type
N/A