Описание
PrestaShop allows users to uninstall modules from backoffice, even with low rights
Impact
Any module can be disabled or uninstalled from back office, even with low user right.
Patches
8.1.2
Workarounds
none
References
Пакеты
Наименование
prestashop/prestashop
composer
Затронутые версииВерсия исправления
< 8.1.2
8.1.2
Связанные уязвимости
CVSS3: 6.3
nvd
больше 2 лет назад
PrestaShop is an Open Source e-commerce web application. In affected versions any module can be disabled or uninstalled from back office, even with low user right. This allows low privileged users to disable portions of a shops functionality. Commit `ce1f6708` addresses this issue and is included in version 8.1.2. Users are advised to upgrade. There are no known workarounds for this issue.