Description
In PrestaShop before version 1.7.6.9 an attacker is able to list all the orders placed on the website without being logged by abusing the function that allows a shopping cart to be recreated from an order already placed. The problem is fixed in 1.7.6.9.
Remediation
References
Related Vulnerabilities
WordPress Plugin Hero Maps Pro Cross-Site Scripting (2.1.0)
WordPress Plugin YITH Pre-Order for WooCommerce Security Bypass (1.1.9)
WordPress Plugin Theme My Login Local File Inclusion (6.3.9)
WordPress Plugin Form Vibes-Database Manager for Forms Unspecified Vulnerability (1.4.2)
markdown-it Inefficient Regular Expression Complexity Vulnerability (CVE-2022-21670)