CVE-2024-34717 | THREATINT

Description

PrestaShop is an open source e-commerce web application. In PrestaShop 8.1.5, any invoice can be downloaded from front-office in anonymous mode, by supplying a random secure_key parameter in the url. This issue is patched in version 8.1.6. No known workarounds are available.

PUBLISHED Reserved 2024-05-07 | Published 2024-05-14 | Updated 2024-08-02 | Assigner GitHub_M

MEDIUM: 5.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Problem types

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

Product status

= 8.1.5

affected

References

github.com/...taShop/security/advisories/GHSA-7pjr-2rgh-fc5g

github.com/PrestaShop/PrestaShop/releases/tag/8.1.6

github.com/...taShop/security/advisories/GHSA-7pjr-2rgh-fc5g

github.com/PrestaShop/PrestaShop/releases/tag/8.1.6

cve.org (CVE-2024-34717)

nvd.nist.gov (CVE-2024-34717)

Download JSON