CVE-2024-34717

Published: May 14, 2024Modified: Jan 21, 2025

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

PrestaShop is an open source e-commerce web application. In PrestaShop 8.1.5, any invoice can be downloaded from front-office in anonymous mode, by supplying a random secure_key parameter in the url. This issue is patched in version 8.1.6. No known workarounds are available.

Affected (1)

Products: Prestashop: Prestashop

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Prestashop Prestashop	Version 8.1.5

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (4)

https://github.com/PrestaShop/PrestaShop/releases/tag/8.1.6

Source: security-advisories@github.com

Release Notes

https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-7pjr-2rgh-fc5g

Source: security-advisories@github.com

Vendor Advisory

https://github.com/PrestaShop/PrestaShop/releases/tag/8.1.6

Source: af854a3a-2127-422b-91ae-364da2661108

Release Notes

https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-7pjr-2rgh-fc5g

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.