{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-06T18:49:23.800","vulnerabilities":[{"cve":{"id":"CVE-2023-39528","sourceIdentifier":"security-advisories@github.com","published":"2023-08-07T21:15:10.597","lastModified":"2024-11-21T08:15:36.583","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, the `displayAjaxEmailHTML` method can be used to read any file on the server, potentially even outside of the project if the server is not correctly configured. Version 8.1.1 contains a patch for this issue. There are no known workarounds."},{"lang":"es","value":"PrestaShop es una aplicación web de comercio electrónico de código abierto. Antes de la versión 8.1.1, el método \"displayAjaxEmailHTML\" puede ser utilizado para leer cualquier archivo en el servidor, potencialmente incluso fuera del proyecto si el servidor no está configurado correctamente. La versión 8.1.1 contiene un parche para este problema. No se conocen soluciones. "}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":4.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.0}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:prestashop:prestashop:*:*:*:*:*:*:*:*","versionEndExcluding":"8.1.1","matchCriteriaId":"705A3EBE-48E5-4E3B-A8D8-471098F8B56E"}]}]}],"references":[{"url":"https://github.com/PrestaShop/PrestaShop/commit/11de3a84322fa4ecd0995ac40d575db61804724c","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-hpf4-v7v2-95p2","source":"security-advisories@github.com","tags":["Vendor Advisory"]},{"url":"https://github.com/PrestaShop/PrestaShop/commit/11de3a84322fa4ecd0995ac40d575db61804724c","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-hpf4-v7v2-95p2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}