Описание
In the module "Theme settings" (pk_themesettings) <= 1.8.8 from Promokit.eu for PrestaShop, a guest can download all email collected while SHOP is in maintenance mode. Due to a lack of permissions control, a guest can access the txt file which collect email when maintenance is enable which can lead to leak of personal information.
EPSS
Процентиль: 51%
0.00284
Низкий
7.5 High
CVSS3
Дефекты
CWE-359
Связанные уязвимости
CVSS3: 7.5
github
больше 1 года назад
In the module "Theme settings" (pk_themesettings) <= 1.8.8 from Promokit.eu for PrestaShop, a guest can download all email collected while SHOP is in maintenance mode. Due to a lack of permissions control, a guest can access the txt file which collect email when maintenance is enable which can lead to leak of personal information.
EPSS
Процентиль: 51%
0.00284
Низкий
7.5 High
CVSS3
Дефекты
CWE-359