CVE-2023-30281

Опубликовано: 16 мая 2023

Источник: nvd

CVSS3: 6.5

CVSS3: 7.5

EPSS Низкий

Описание

Insecure permissions vulnerability was discovered, due to a lack of permissions’s control in scquickaccounting before v3.7.3 from Store Commander for PrestaShop, a guest can access exports from the module which can lead to leak of personnal informations from ps_customer table sush as name / surname / email

Ссылки

https://friends-of-presta.github.io/security-advisories/modules/2023/05/04/scquickaccounting.html
Third Party Advisory
https://friends-of-presta.github.io/security-advisories/modules/2023/05/04/scquickaccounting.html
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:storecommander:scquickaccounting:*:*:*:*:*:prestashop:*:*

Версия до 3.7.3 (исключая)

EPSS

Процентиль: 17%

0.00055

Низкий

6.5 Medium

CVSS3

7.5 High

CVSS3

Дефекты

NVD-CWE-noinfo

CWE-276

Связанные уязвимости

GHSA-3j6m-cf6c-7f3h

CVSS3: 6.5

github

больше 2 лет назад

Insecure permissions in the ps_customer table of Prestashop scquickaccounting before v3.7.3 allows attackers to access sensitive information stored in the component.

EPSS

Процентиль: 17%

0.00055

Низкий

6.5 Medium

CVSS3

7.5 High

CVSS3

Дефекты

NVD-CWE-noinfo

CWE-276