exploitDog

GHSA-fqvx-v26x-86c5

Опубликовано: 28 нояб. 2023

Источник: github

Github: Не прошло ревью

CVSS3: 5.3

Описание

In the module "CSV Feeds PRO" (csvfeeds) < 2.6.1 from Bl Modules for PrestaShop, a guest can download personal information without restriction. Due to too permissive access control which does not force administrator to use password on feeds, a guest can access exports from the module which can lead to leaks of personal information from ps_customer / ps_order table such as name / surname / email / phone number / postal address.

In the module "CSV Feeds PRO" (csvfeeds) < 2.6.1 from Bl Modules for PrestaShop, a guest can download personal information without restriction. Due to too permissive access control which does not force administrator to use password on feeds, a guest can access exports from the module which can lead to leaks of personal information from ps_customer / ps_order table such as name / surname / email / phone number / postal address.

Ссылки

EPSS

Процентиль: 25%

0.00088

Низкий

5.3 Medium

CVSS3

CVE ID

Связанные уязвимости

CVE-2023-46355

CVSS3: 5.3

nvd

около 2 лет назад

In the module "CSV Feeds PRO" (csvfeeds) < 2.6.1 from Bl Modules for PrestaShop, a guest can download personal information without restriction. Due to too permissive access control which does not force administrator to use password on feeds, a guest can access exports from the module which can lead to leaks of personal information from ps_customer / ps_order table such as name / surname / email / phone number / postal address.

EPSS

Процентиль: 25%

0.00088

Низкий

5.3 Medium

CVSS3

CVE ID