Description

In PrestaShop before 1.7.6.0 RC2, the id_address_delivery and id_address_invoice parameters are affected by an Insecure Direct Object Reference vulnerability due to a guessable value sent to the web application during checkout. An attacker could leak personal customer information. This is PrestaShop bug #14444.

Remediation

References

CVE-2019-13461

Related Vulnerabilities

WordPress Plugin Premium Addons for Elementor Security Bypass (4.5.1)

WordPress 'admin-ajax.php' SQL Injection Vulnerability (2.1.3)

Drupal Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-2983)

WordPress Plugin Bookly #1 WordPress Booking Plugin (Lite Version) Cross-Site Scripting (14.4)

WordPress Plugin Photo Gallery by 10Web-Mobile-Friendly Image Gallery Multiple Cross-Site Scripting Vulnerabilities (1.5.45)

Severity

High

Classification

CVE-2019-13461 CWE-639 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities