Описание
PrestaShop is an open source e-commerce web application. In PrestaShop 8.1.5, any invoice can be downloaded from front-office in anonymous mode, by supplying a random secure_key parameter in the url. This issue is patched in version 8.1.6. No known workarounds are available.
Ссылки
- Release Notes
- Vendor Advisory
- Release Notes
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:prestashop:prestashop:8.1.5:*:*:*:*:*:*:*
EPSS
Процентиль: 60%
0.00403
Низкий
5.3 Medium
CVSS3
Дефекты
CWE-200
NVD-CWE-noinfo
Связанные уязвимости
CVSS3: 5.3
github
больше 1 года назад
Anonymous PrestaShop customer can download other customers' invoices
EPSS
Процентиль: 60%
0.00403
Низкий
5.3 Medium
CVSS3
Дефекты
CWE-200
NVD-CWE-noinfo