Description
PrestaShop is an Open Source e-commerce web application. In the Prestashop Back office interface, an employee can list all modules without any access rights: method `ajaxProcessGetPossibleHookingListForModule` doesn't check access rights. This issue has been addressed in commit `15bd281c` which is included in version 8.1.2. Users are advised to upgrade. There are no known workaround for this issue.
Remediation
References
Related Vulnerabilities
WordPress 4.0.x Multiple Vulnerabilities (4.0 - 4.0.20)
MySQL CVE-2019-2739 Vulnerability (CVE-2019-2739)
WordPress Plugin Google Analytics Top Content Widget Cross-Site Scripting (1.5.6)
XWikiplatform Missing Authorization Vulnerability (CVE-2024-45591)
WordPress Plugin Affiliates Manager Cross-Site Request Forgery (2.6.5)