loginascustomerpro- PrestaShop module vulnerability (CVE-2024-36677)

Moduleloginascustomerpro

Score

7.5 High

Date publish

19-06-2024

Versiones afectadas

  • Less than 1.2.7

Description

In the module "Login as customer PRO" (loginascustomerpro) <1.2.7 from Weblir for PrestaShop, a guest can access direct link to connect to each customer account of the Shop if the module is not installed OR if a secret accessible to administrator is stolen.

References

Metrics

cvssMetricV31
source134c704f-9b21-4f2e-91b3-4a467353bcc0
typeSecondary
version3.1
vectorStringCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
baseScore7.5
baseSeverityHIGH
attackVectorNETWORK
attackComplexityLOW
privilegesRequiredNONE
userInteractionNONE
scopeUNCHANGED
confidentialityImpactHIGH
integrityImpactNONE
availabilityImpactNONE
exploitabilityScore3.9
impactScore3.6
Scroll al inicio