An issue was discovered in Presta World Account Manager - Sales Representative & Dealers - CRM (prestasalesmanager) module for PrestaShop before version 9.0, allows remote attackers to escalate privilege and obtain sensitive information via the uploadLogo() and postProcess methods.
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.