PrestaShop CVE-2024-34717 vulnerability

Core

Score

5.3 Medium

Date publish

14-05-2024

Versiones afectadas

  • Versions from 8.1.5 up to and including 8.1.5

Description

PrestaShop is an open source e-commerce web application. In PrestaShop 8.1.5, any invoice can be downloaded from front-office in anonymous mode, by supplying a random secure_key parameter in the url. This issue is patched in version 8.1.6. No known workarounds are available.

References

Metrics

cvssMetricV31
sourcesecurity-advisories@github.comnvd@nist.gov
typeSecondaryPrimary
version3.13.1
vectorStringCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
baseScore5.35.3
baseSeverityMEDIUMMEDIUM
attackVectorNETWORKNETWORK
attackComplexityLOWLOW
privilegesRequiredNONENONE
userInteractionNONENONE
scopeUNCHANGEDUNCHANGED
confidentialityImpactLOWLOW
integrityImpactNONENONE
availabilityImpactNONENONE
exploitabilityScore3.93.9
impactScore1.41.4
Scroll al inicio