Home > Vulnerability Database > CVE-2023-43663

Mend.io Vulnerability Database

CVE-2023-43663

Good to know:

Date: September 28, 2023

PrestaShop is an Open Source e-commerce web application. In affected versions any module can be disabled or uninstalled from back office, even with low user right. This allows low privileged users to disable portions of a shops functionality. Commit `ce1f6708` addresses this issue and is included in version 8.1.2. Users are advised to upgrade. There are no known workarounds for this issue.

Language: PHP

Severity Score

6.3

Related Resources (5)

Url: https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-6jmf-2pfc-q9m7

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-43663

Url: https://github.com/PrestaShop/PrestaShop

Url: https://github.com/PrestaShop/PrestaShop/commit/ce1f67083537194e974caf86c57e547a0aaa46cd

Url: https://www.mend.io/vulnerability-database/CVE-2023-43663

Severity Score

6.3

Weakness Type (CWE)

Improper Privilege Management

CWE-269

Top Fix

Upgrade Version

Upgrade to version prestashop/prestashop - dev-dependabot/npm_and_yarn/tests/UI/develop/eslint-plugin-import-2.29.0;prestashop/prestashop - dev-remove-sensio;prestashop/prestashop - dev-dependency/faker;prestashop/prestashop - dev-dependabot/npm_and_yarn/tests/UI/develop/pdfjs-dist-4.2.67;prestashop/prestashop - dev-1.7.8.2-build;prestashop/prestashop - dev-build-1-8.1.3;prestashop/prestashop - dev-dependabot/npm_and_yarn/tests/UI/develop/mysql2-3.6.5;prestashop/prestashop - dev-dependabot/npm_and_yarn/tests/UI/develop/dotenv-16.3.2;prestashop/prestashop - dev-changelog-alpha-1-build-3;prestashop/prestashop - dev-dependabot/npm_and_yarn/tests/UI/develop/jsdoc-to-markdown-8.0.1;prestashop/prestashop - dev-dependabot/npm_and_yarn/tests/UI/develop/jsdoc-to-markdown-8.0.3;prestashop/prestashop - 1.7.8.0-rc.1;prestashop/prestashop - dev-improvement/33191b;prestashop/prestashop - dev-dependabot/npm_and_yarn/tests/UI/develop/pdfjs-dist-3.11.174;prestashop/prestashop - dev-8.0.0-rc1;prestashop/prestashop - 8.0.x-dev;prestashop/prestashop - dev-dependabot/npm_and_yarn/tests/UI/develop/chai-4.3.6;prestashop/prestashop - dev-PS_SMARTY_FORCE_COMPILE;prestashop/prestashop - dev-catalog-extract;prestashop/prestashop - dev-dependabot/npm_and_yarn/tests/UI/develop/types/libsodium-wrappers-0.7.13;prestashop/prestashop - dev-delete_old_variants_thumbnails;prestashop/prestashop - dev-updated-readme;prestashop/prestashop - dev-dependabot/npm_and_yarn/tests/UI/develop/eslint-plugin-html-8.0.0;prestashop/prestashop - dev-marionf-patch-1;prestashop/prestashop - dev-dependabot/npm_and_yarn/tests/UI/develop/types/libsodium-wrappers-0.7.12;prestashop/prestashop - dev-dependabot/npm_and_yarn/tests/UI/develop/multi-6156aff472;prestashop/prestashop - dev-1.7.8.7-release;prestashop/prestashop - dev-dependabot/npm_and_yarn/tests/UI/develop/typescript-5.3.2;prestashop/prestashop - dev-dependabot/npm_and_yarn/tests/UI/develop/mochawesome-merge-5.0.0;prestashop/prestashop - dev-dependabot/npm_and_yarn/tests/UI/develop/typescript-eslint/eslint-plugin-6.7.2;prestashop/prestashop - dev-update-issue;prestashop/prestashop - 1.7.7.7;prestashop/prestashop - dev-merge81devupdated;prestashop/prestashop - dev-fix-warning-message-modauth;prestashop/prestashop - dev-improvement/33997;prestashop/prestashop - dev-dependabot/npm_and_yarn/tests/UI/develop/types/chai-4.3.8;prestashop/prestashop - dev-dependabot/npm_and_yarn/tests/UI/develop/eslint-plugin-html-8.1.0;prestashop/prestashop - dev-dependabot/npm_and_yarn/tests/UI/develop/types/chai-string-1.4.4;prestashop/prestashop - dev-update-catalog-82x;prestashop/prestashop - dev-improvement/33191;prestashop/prestashop - dev-dependabot/npm_and_yarn/tests/UI/develop/typescript-eslint/eslint-plugin-8.0.0;prestashop/prestashop - dev-dependabot/npm_and_yarn/tests/UI/develop/eslint-8.50.0;prestashop/prestashop - dev-178x-update-default-catalogue;prestashop/prestashop - dev-cron-js-routing;prestashop/prestashop - dev-translation-extract;prestashop/prestashop - dev-1.7.8.x-8.0.x;prestashop/prestashop - dev-dependabot/npm_and_yarn/tests/UI/develop/fast-xml-parser-4.3.1;prestashop/prestashop - dev-docker/support-DEV_MODE;prestashop/prestashop - dev-develop-sf6;prestashop/prestashop - dev-refacto/loginPage;prestashop/prestashop - dev-dependabot/npm_and_yarn/tests/UI/develop/playwright-1.38.1;prestashop/prestashop - dev-mail-template-dir;prestashop/prestashop - 1.7.8.6;prestashop/prestashop - dev-dependabot/npm_and_yarn/tests/UI/develop/types/mochawesome-6.2.2;prestashop/prestashop - dev-dependabot/npm_and_yarn/tests/UI/develop/mocha-10.3.0;prestashop/prestashop - dev-dependabot/npm_and_yarn/tests/UI/develop/eslint-plugin-html-8.1.1;prestashop/prestashop - dev-myTesting;prestashop/prestashop - dev-8.0.0-rc;ycms/prestashop - 1.5.0.0;ycms/prestashop - no_fix;fpt/ps-core-legacy - no_fix;ravaljigesh/prestolara - no_fix

Learn More

CVSS v3.1

Base Score:	6.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2023-43663

Good to know:

Date: September 28, 2023

Language: PHP

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?