Description
In PrestaShop before version 1.7.6.9 an attacker is able to list all the orders placed on the website without being logged by abusing the function that allows a shopping cart to be recreated from an order already placed. The problem is fixed in 1.7.6.9.
Remediation
References
Related Vulnerabilities
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-3731)
WordPress Plugin My Tickets Cross-Site Scripting (1.5.0)
Liferay version older than 7.1
WordPress Plugin SimpleFlickr Cross-Site Request Forgery (3.0.3)
WordPress Plugin Welcome Announcement Multiple Cross-Site Scripting Vulnerabilities (1.0.5)