exploitDog

CVE-2023-46355

Опубликовано: 27 нояб. 2023

Источник: nvd

CVSS3: 5.3

EPSS Низкий

Описание

In the module "CSV Feeds PRO" (csvfeeds) < 2.6.1 from Bl Modules for PrestaShop, a guest can download personal information without restriction. Due to too permissive access control which does not force administrator to use password on feeds, a guest can access exports from the module which can lead to leaks of personal information from ps_customer / ps_order table such as name / surname / email / phone number / postal address.

Ссылки

https://security.friendsofpresta.org/modules/2023/11/23/csvfeeds.html
Third Party Advisory
https://security.friendsofpresta.org/modules/2023/11/23/csvfeeds.html
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:blmodules:csv_feeds_pro:*:*:*:*:*:prestashop:*:*

Версия до 2.6.1 (исключая)

EPSS

Процентиль: 26%

0.00088

Низкий

5.3 Medium

CVSS3

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-fqvx-v26x-86c5

CVSS3: 5.3

github

около 2 лет назад

In the module "CSV Feeds PRO" (csvfeeds) < 2.6.1 from Bl Modules for PrestaShop, a guest can download personal information without restriction. Due to too permissive access control which does not force administrator to use password on feeds, a guest can access exports from the module which can lead to leaks of personal information from ps_customer / ps_order table such as name / surname / email / phone number / postal address.

EPSS

Процентиль: 26%

0.00088

Низкий

5.3 Medium

CVSS3

Дефекты

NVD-CWE-Other