Description
PrestaShop is an open source e-commerce web application. In PrestaShop 8.1.5, any invoice can be downloaded from front-office in anonymous mode, by supplying a random secure_key parameter in the url. This issue is patched in version 8.1.6. No known workarounds are available.
Remediation
References
Related Vulnerabilities
WordPress Plugin GD Rating System Cross-Site Scripting (2.0.2)
EspoCRM Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2025-32789)
MySQL CVE-2020-2896 Vulnerability (CVE-2020-2896)
WordPress Plugin Salon Booking System Multiple Information Disclosure Vulnerabilities (7.6.2)