scexportcustomers- PrestaShop module vulnerability (CVE-2023-30282)

Modulescexportcustomers

Score

7.5 High

Date publish

04-05-2023

Versiones afectadas

  • Up to and including 3.6.1

Description

PrestaShop scexportcustomers <= 3.6.1 is vulnerable to Incorrect Access Control. Due to a lack of permissions' control, a guest can access exports from the module which can lead to leak of personal information from customer table.

References

Metrics

cvssMetricV31
sourcenvd@nist.gov134c704f-9b21-4f2e-91b3-4a467353bcc0
typePrimarySecondary
version3.13.1
vectorStringCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
baseScore7.57.5
baseSeverityHIGHHIGH
attackVectorNETWORKNETWORK
attackComplexityLOWLOW
privilegesRequiredNONENONE
userInteractionNONENONE
scopeUNCHANGEDUNCHANGED
confidentialityImpactHIGHHIGH
integrityImpactNONENONE
availabilityImpactNONENONE
exploitabilityScore3.93.9
impactScore3.63.6
Scroll al inicio