Description

PrestaShop is an open source e-commerce web application. In PrestaShop 8.1.5, any invoice can be downloaded from front-office in anonymous mode, by supplying a random secure_key parameter in the url. This issue is patched in version 8.1.6. No known workarounds are available.

Remediation

References

CVE-2024-34717

Related Vulnerabilities

WordPress Plugin GeoDirectory-WordPress Business Directory and Classified Ads Listings SQL Injection (2.2.23)

WordPress Plugin GD Rating System Cross-Site Scripting (2.0.2)

EspoCRM Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2025-32789)

MySQL CVE-2020-2896 Vulnerability (CVE-2020-2896)

WordPress Plugin Salon Booking System Multiple Information Disclosure Vulnerabilities (7.6.2)

Severity

Medium

Classification

CVE-2024-34717 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities