Description
PrestaShop is an open source e-commerce web application. In the PrestaShop back office interface, an employee can list all modules without any access rights: the method ajaxProcessGetPossibleHookingListForModule doesn't check access rights. This issue has been addressed in commit 15bd281c, which is included in version 8.1.2. Users are advised to upgrade. There are no known workarounds for this issue.
References
- Patch
- Vendor Advisory
- Patch
- Vendor Advisory
Vulnerable configurations
Configuration 1: versions up to 8.1.2 (excluding)
cpe:2.3:a:prestashop:prestashop:*:*:*:*:*:*:*:*
EPSS
Percentile: 47%
0.00239
Low
4.3 Medium
CVSS3
Weaknesses
CWE-269
Related vulnerabilities
CVSS3: 4.3
github
more than 2 years ago
PrestaShop allows employee without any access rights to list all installed modules