Incorrect Access Control in Prestashop Salesbooster Plugin
CVE-2023-30196

7.5HIGH

Key Information:

Vendor: Webbax
Status: Salesbooster
Vendor: CVE Published:; 30 May 2023

What is CVE-2023-30196?

The Salesbooster plugin for Prestashop versions up to 1.10.4 is susceptible to incorrect access control, allowing unauthorized access to sensitive functions. This flaw can be exploited through the download.php script located in modules/salesbooster/downloads, potentially exposing private data to malicious users. For detailed guidance on mitigation, refer to the official security advisory and GitHub repository.

References

https://github.com/PrestaShop/PrestaShop/blob/6c05518b807...

https://friends-of-presta.github.io/security-advisories/m...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 30, 2023
Vulnerability Reserved
Apr 7, 2023

Webbax

What is CVE-2023-30196?

References

CVSS V3.1

Timeline