Vulnerabilities
Projects
Vulnerability Disclosure
About Us
Contact Us
Mend.io Vulnerability Database
What is a WS vulnerability ID?
What is an MSC vulnerability ID?
We found results for “”
CVE-2023-43664
Good to know:
Date: September 28, 2023
PrestaShop is an Open Source e-commerce web application. In the Prestashop Back office interface, an employee can list all modules without any access rights: method `ajaxProcessGetPossibleHookingListForModule` doesn't check access rights. This issue has been addressed in commit `15bd281c` which is included in version 8.1.2. Users are advised to upgrade. There are no known workaround for this issue.
Language: PHP
Severity Score
Related Resources (5)
Severity Score
Weakness Type (CWE)
Improper Privilege Management
CWE-269Top Fix
Upgrade Version
Upgrade to version prestashop/prestashop - dev-docker/support-DEV_MODE;prestashop/prestashop - dev-fix-warning-message-modauth;prestashop/prestashop - dev-dependabot/npm_and_yarn/tests/UI/develop/eslint-8.37.0;prestashop/prestashop - dev-dependabot/npm_and_yarn/tests/UI/develop/eslint-plugin-deprecation-1.4.1;prestashop/prestashop - dev-update-catalog-82x;prestashop/prestashop - dev-release-815;prestashop/prestashop - dev-fix/32306;prestashop/prestashop - dev-marionf-patch-1;prestashop/prestashop - dev-remove-sensio;prestashop/prestashop - 8.0.x-dev;prestashop/prestashop - dev-dependabot/npm_and_yarn/tests/UI/develop/mochawesome-merge-5.0.0;prestashop/prestashop - dev-update-issue;prestashop/prestashop - dev-8.0.0-rc1;prestashop/prestashop - dev-dependabot/npm_and_yarn/tests/UI/develop/eslint-plugin-html-8.0.0;prestashop/prestashop - dev-merge81devupdated;prestashop/prestashop - dev-catalog-extract;prestashop/prestashop - dev-1.7.8.7-release;prestashop/prestashop - dev-dependabot/npm_and_yarn/tests/UI/develop/pdfjs-dist-3.5.141;prestashop/prestashop - dev-updated-readme;prestashop/prestashop - dev-revert-31765-deprecated002;prestashop/prestashop - dev-mail-template-dir;prestashop/prestashop - 1.7.8.6;prestashop/prestashop - dev-symfony-layout;prestashop/prestashop - dev-dependabot/npm_and_yarn/tests/UI/develop/eslint-plugin-html-8.1.1;prestashop/prestashop - 1.7.8.0-rc.1;prestashop/prestashop - dev-myTesting;prestashop/prestashop - dev-improvement/33191b;prestashop/prestashop - dev-build-1-8.1.3;prestashop/prestashop - dev-dependabot/npm_and_yarn/tests/UI/develop/typescript-eslint/eslint-plugin-5.55.0;prestashop/prestashop - dev-1.7.8.2-build;prestashop/prestashop - 1.7.7.7;prestashop/prestashop - dev-dependabot/npm_and_yarn/tests/UI/develop/playwright-1.32.1;prestashop/prestashop - dev-delete_old_variants_thumbnails;prestashop/prestashop - dev-dependabot/npm_and_yarn/tests/UI/develop/eslint-plugin-import-2.28.0;prestashop/prestashop - dev-dependabot/npm_and_yarn/tests/UI/develop/faker-js/faker-8.0.2;prestashop/prestashop - dev-dependabot/npm_and_yarn/tests/UI/develop/mocha-10.3.0;prestashop/prestashop - dev-cron-js-routing;prestashop/prestashop - dev-dependabot/npm_and_yarn/tests/UI/develop/faker-js/faker-8.0.1;prestashop/prestashop - dev-178x-update-default-catalogue;prestashop/prestashop - dev-dependabot/npm_and_yarn/tests/UI/develop/eslint-plugin-html-8.1.0;prestashop/prestashop - dev-migrate/33183;prestashop/prestashop - dev-8.0.0-rc;prestashop/prestashop - dev-dependabot/npm_and_yarn/tests/UI/develop/jsdoc-to-markdown-8.0.3;prestashop/prestashop - dev-1.7.8.x-8.0.x;prestashop/prestashop - dev-improvement/33997;ravaljigesh/prestolara - no_fix;fpt/ps-core-legacy - no_fix;sumitwebkul/hotelcommerce - no_fix;sumitqlo/sumitqlo - no_fix;ycms/prestashop - 1.5.0.0;ycms/prestashop - 1.6.x-dev;ycms/prestashop - no_fix
CVSS v3.1
| Base Score: |
|
|---|---|
| Attack Vector (AV): | NETWORK |
| Attack Complexity (AC): | LOW |
| Privileges Required (PR): | LOW |
| User Interaction (UI): | NONE |
| Scope (S): | UNCHANGED |
| Confidentiality (C): | LOW |
| Integrity (I): | NONE |
| Availability (A): | NONE |