Access Control Flaw in PrestaShop Customer Export Module
CVE-2023-30282

7.5HIGH

Key Information:

Vendor: Prestashop
Status: Scexportcustomers
Vendor: CVE Published:; 4 May 2023

What is CVE-2023-30282?

The PrestaShop scexportcustomers module, specifically versions up to 3.6.1, exhibits an incorrect access control vulnerability. This oversight allows unauthorized guests to access sensitive export files, potentially leading to the exposure of personal customer data stored within the database. Proper permission checks are critical to safeguarding user information, and this flaw underscores the importance of robust access management in web applications.

References

https://friends-of-presta.github.io/security-advisories/m...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 4, 2023
Vulnerability Reserved
Apr 7, 2023

Prestashop

What is CVE-2023-30282?

References

CVSS V3.1

Timeline