exploitDog

CVE-2023-46352

Опубликовано: 02 нояб. 2023

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

In the module "Pixel Plus: Events + CAPI + Pixel Catalog for Facebook Module" (facebookconversiontrackingplus) up to version 2.4.9 from Smart Modules for PrestaShop, a guest can download personal information without restriction. Due to a lack of permissions control, a guest can access exports from the module which can lead to a leak of personal information from ps_customer table such as name / surname / email.

Ссылки

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:smartmodules:facebookconversiontrackingplus:*:*:*:*:*:prestashop:*:*

Версия до 2.4.9 (исключая)

EPSS

Процентиль: 19%

0.00062

Низкий

7.5 High

CVSS3

Дефекты

CWE-862

CWE-862

Связанные уязвимости

GHSA-5hg6-8h2v-cgjj

CVSS3: 7.5

github

больше 2 лет назад

In the module "Pixel Plus: Events + CAPI + Pixel Catalog for Facebook Module" (facebookconversiontrackingplus) up to version 2.4.9 from Smart Modules for PrestaShop, a guest can download personal information without restriction. Due to a lack of permissions control, a guest can access exports from the module which can lead to a leak of personal information from ps_customer table such as name / surname / email.

EPSS

Процентиль: 19%

0.00062

Низкий

7.5 High

CVSS3

Дефекты

CWE-862

CWE-862