Path Traversal vulnerability in Tunis Soft "Product Designer" (productdesigner) module for PrestaShop before version 1.178.36, allows a remote malicious user to escalate privileges and obtain sensitive information via the ajaxProcessCropImage() method.