CVE-2023-30281

Published: May 16, 2023Modified: Jan 23, 2025

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

Insecure permissions vulnerability was discovered, due to a lack of permissions’s control in scquickaccounting before v3.7.3 from Store Commander for PrestaShop, a guest can access exports from the module which can lead to leak of personnal informations from ps_customer table sush as name / surname / email

Affected (1)

Products: Storecommander: Scquickaccounting

1 product

Scquickaccounting

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Storecommander Scquickaccounting	Before 3.7.3

Related CWEs

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References (2)

https://friends-of-presta.github.io/security-advisories/modules/2023/05/04/scquickaccounting.html

Source: cve@mitre.org

Third Party Advisory

https://friends-of-presta.github.io/security-advisories/modules/2023/05/04/scquickaccounting.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.