Description
In PrestaShop before version 1.7.6.9 an attacker is able to list all the orders placed on the website without being logged by abusing the function that allows a shopping cart to be recreated from an order already placed. The problem is fixed in 1.7.6.9.
Remediation
References
Related Vulnerabilities
PHP Other Vulnerability (CVE-2015-8616)
MySQL CVE-2013-1502 Vulnerability (CVE-2013-1502)
WordPress Plugin Widgets on Pages Cross-Site Scripting (1.6.0)
Liferay DXP URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2023-44308)
WordPress Plugin Kraken.io Image Optimizer Cross-Site Request Forgery (2.6.5)