Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS02am1mLTJwZmMtcTltN84AA2IA
PrestaShop allows users to uninstall modules from backoffice, even with low rights
Impact
Any module can be disabled or uninstalled from back office, even with low user right.
Patches
8.1.2
Workarounds
none
References
Permalink: https://github.com/advisories/GHSA-6jmf-2pfc-q9m7JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS02am1mLTJwZmMtcTltN84AA2IA
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 2 months ago
Updated: 22 days ago
CVSS Score: 4.3
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Identifiers: GHSA-6jmf-2pfc-q9m7, CVE-2023-43663
References:
- https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-6jmf-2pfc-q9m7
- https://github.com/PrestaShop/PrestaShop/commit/ce1f67083537194e974caf86c57e547a0aaa46cd
- https://nvd.nist.gov/vuln/detail/CVE-2023-43663
- https://github.com/advisories/GHSA-6jmf-2pfc-q9m7
Affected Packages
packagist:prestashop/prestashop
Versions: < 8.1.2Fixed in: 8.1.2