Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS02am1mLTJwZmMtcTltN84AA2IA
PrestaShop allows users to uninstall modules from backoffice, even with low rights
Impact
Any module can be disabled or uninstalled from back office, even with low user right.
Patches
8.1.2
Workarounds
none
References
Permalink: https://github.com/advisories/GHSA-6jmf-2pfc-q9m7JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS02am1mLTJwZmMtcTltN84AA2IA
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 1 year ago
Updated: about 1 year ago
CVSS Score: 4.3
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Identifiers: GHSA-6jmf-2pfc-q9m7, CVE-2023-43663
References:
- https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-6jmf-2pfc-q9m7
- https://github.com/PrestaShop/PrestaShop/commit/ce1f67083537194e974caf86c57e547a0aaa46cd
- https://nvd.nist.gov/vuln/detail/CVE-2023-43663
- https://github.com/advisories/GHSA-6jmf-2pfc-q9m7
Blast Radius: 1.3
Affected Packages
packagist:prestashop/prestashop
Dependent packages: 0Dependent repositories: 2
Downloads: 6,159 total
Affected Version Ranges: < 8.1.2
Fixed in: 8.1.2
All affected versions: 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.1.0, 8.1.1
All unaffected versions: 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.2.0