The Custom Product Designer (tshirtecommerce) module for PrestaShop allows HTTP requests to be forged using POST and GET parameters, enabling a remote attacker to perform directory traversal on the system and view the contents of code files.
View the template here CVE-2023-27640.yaml
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-27640