Access Control Vulnerability in PrestaShop Custom Exporter Plugin
CVE-2023-30199

7.5HIGH

Key Information:

Vendor: Webbax
Status: Customexporter
Vendor: CVE Published:; 19 May 2023

What is CVE-2023-30199?

The PrestaShop Custom Exporter plugin version 1.7.20 and earlier is susceptible to an incorrect access control issue. This vulnerability arises from improper validation in the download.php script located in the modules/customexporter directory. By exploiting this flaw, an unauthorized user can gain access to restricted files, posing a serious threat to the integrity and confidentiality of sensitive data. Operators of sites utilizing this plugin should take immediate action to secure their installations.

References

https://github.com/PrestaShop/PrestaShop/blob/6c05518b807...

https://friends-of-presta.github.io/security-advisories/m...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 19, 2023
Vulnerability Reserved
Apr 7, 2023

Webbax

What is CVE-2023-30199?

References

CVSS V3.1

Timeline