Description

In PrestaShop before 1.7.6.0 RC2, the id_address_delivery and id_address_invoice parameters are affected by an Insecure Direct Object Reference vulnerability due to a guessable value sent to the web application during checkout. An attacker could leak personal customer information. This is PrestaShop bug #14444.

Remediation

References

CVE-2019-13461

Related Vulnerabilities

SharePoint CVE-2023-21744 Vulnerability (CVE-2023-21744)

WordPress Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-5492)

Envoy Proxy NULL Pointer Dereference Vulnerability (CVE-2019-18838)

WordPress Plugin JupiterX Core Multiple Vulnerabilities (2.0.6)

WordPress Plugin wp-football Multiple Cross-Site Scripting Vulnerabilities (1.1)

Severity

High

Classification

CVE-2019-13461 CWE-639 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities