Количество 2
Количество 2
CVE-2023-43664
PrestaShop is an Open Source e-commerce web application. In the Prestashop Back office interface, an employee can list all modules without any access rights: method `ajaxProcessGetPossibleHookingListForModule` doesn't check access rights. This issue has been addressed in commit `15bd281c` which is included in version 8.1.2. Users are advised to upgrade. There are no known workaround for this issue.
GHSA-gvrg-62jp-rf7j
PrestaShop allows employee without any access rights to list all installed modules
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2023-43664 PrestaShop is an Open Source e-commerce web application. In the Prestashop Back office interface, an employee can list all modules without any access rights: method `ajaxProcessGetPossibleHookingListForModule` doesn't check access rights. This issue has been addressed in commit `15bd281c` which is included in version 8.1.2. Users are advised to upgrade. There are no known workaround for this issue. | CVSS3: 4.3 | 0% Низкий | больше 2 лет назад |
| GHSA-gvrg-62jp-rf7j PrestaShop allows employee without any access rights to list all installed modules | CVSS3: 4.3 | 0% Низкий | больше 2 лет назад |
Уязвимостей на страницу