CVE-2023-46354

Published: Dec 6, 2023Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

In the module "Orders (CSV, Excel) Export PRO" (ordersexport) < 5.2.0 from MyPrestaModules for PrestaShop, a guest can download personal information without restriction. Due to a lack of permissions control, a guest can access exports from the module which can lead to a leak of personal information from ps_customer/ps_address tables such as name / surname / email / phone number / full postal address.

Affected (1)

Products: Myprestamodules: Orders (csv, Excel) Export Pro

Myprestamodules

1 product

Orders (csv, Excel) Export Pro

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Myprestamodules Orders (csv, Excel) Export Pro	Before 5.2.0

Related CWEs

Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

References (2)

https://security.friendsofpresta.org/modules/2023/11/28/ordersexport.html

Source: cve@mitre.org

Third Party Advisory

https://security.friendsofpresta.org/modules/2023/11/28/ordersexport.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.