In the module "Orders (CSV, Excel) Export PRO" (ordersexport) < 5.2.0 from MyPrestaModules for PrestaShop, a guest can download personal information without restriction. Due to a lack of permissions control, a guest can access exports from the module which can lead to a leak of personal information from ps_customer/ps_address tables such as name / surname / email / phone number / full postal address.
References
| Link | Resource |
|---|---|
| https://security.friendsofpresta.org/modules/2023/11/28/ordersexport.html | Third Party Advisory |
| https://security.friendsofpresta.org/modules/2023/11/28/ordersexport.html | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 08:28
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://security.friendsofpresta.org/modules/2023/11/28/ordersexport.html - Third Party Advisory |
09 Dec 2023, 04:52
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
| References | () https://security.friendsofpresta.org/modules/2023/11/28/ordersexport.html - Third Party Advisory | |
| CPE | cpe:2.3:a:myprestamodules:orders_\(csv\,_excel\)_export_pro:*:*:*:*:*:prestashop:*:* | |
| CWE | CWE-862 |
06 Dec 2023, 23:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-12-06 23:15
Updated : 2024-11-21 08:28
NVD link : CVE-2023-46354
Mitre link : CVE-2023-46354
CVE.ORG link : CVE-2023-46354
JSON object : View
Products Affected
myprestamodules
- orders_\(csv\,_excel\)_export_pro
CWE
CWE-862
Missing Authorization