Access Control Issues in Winbiz Payment Module for PrestaShop
CVE-2023-30198

7.5HIGH

Key Information:

Vendor: Webbax
Status: Winbizpayment
Vendor: CVE Published:; 12 June 2023

What is CVE-2023-30198?

The Winbiz Payment module for PrestaShop prior to version 1.0.3 contains an access control vulnerability that allows unauthorized users to access restricted functionalities through the download.php script. Exploiting this vulnerability can lead to data exposure or misuse of payment handling features.

References

https://github.com/PrestaShop/PrestaShop/blob/6c05518b807...

https://friends-of-presta.github.io/security-advisories/m...

http://packetstormsecurity.com/files/173136/PrestaShop-Wi...

EPSS Score

5% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 12, 2023
Vulnerability Reserved
Apr 7, 2023

Webbax

What is CVE-2023-30198?

References

EPSS Score

CVSS V3.1

Timeline