Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

PrestaShop Improper Privilege Management Vulnerability (CVE-2023-43663)

Description

PrestaShop is an Open Source e-commerce web application. In affected versions any module can be disabled or uninstalled from back office, even with low user right. This allows low privileged users to disable portions of a shops functionality. Commit `ce1f6708` addresses this issue and is included in version 8.1.2. Users are advised to upgrade. There are no known workarounds for this issue.

Remediation

References

Related Vulnerabilities

WordPress Plugin Live Scores for SportsPress Multiple Vulnerabilities (1.9.0)

WordPress Plugin UnGallery Local File Disclosure (1.5.8)

Frontaccounting Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-1000890)

WordPress Plugin WP BASE Booking of Appointments, Services and Events PHP Object Injection (3.5.0)

WordPress 4.4.x Cross-Domain Flash Injection Vulnerability (4.4 - 4.4.13)

Severity

Medium

Classification

CVE-2023-43663 CWE-269 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities