Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS02am1mLTJwZmMtcTltN84AA2IA

PrestaShop allows users to uninstall modules from backoffice, even with low rights

Impact

Any module can be disabled or uninstalled from back office, even with low user right.

Patches

8.1.2

Workarounds

none

References

Permalink: https://github.com/advisories/GHSA-6jmf-2pfc-q9m7
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS02am1mLTJwZmMtcTltN84AA2IA
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 10 months ago
Updated: 9 months ago


CVSS Score: 4.3
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Identifiers: GHSA-6jmf-2pfc-q9m7, CVE-2023-43663
References: Repository: https://github.com/PrestaShop/PrestaShop
Blast Radius: 1.3

Affected Packages

packagist:prestashop/prestashop
Dependent packages: 0
Dependent repositories: 2
Downloads: 3,836 total
Affected Version Ranges: < 8.1.2
Fixed in: 8.1.2
All affected versions: 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.1.0, 8.1.1
All unaffected versions: 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.1.6