Insecure Permissions in Smart Soft Advancedexport Software by Smart Soft
CVE-2023-43984

7.5HIGH

Key Information:

Vendor: Advanced Export Products Orders Cron Csv Excel Project
Status: Advanced Export Products Orders Cron Csv Excel
Vendor: CVE Published:; 7 November 2023

🔔 Create Advanced Export Products Orders Cron Csv Excel Project Vulnerability Alert

What is CVE-2023-43984?

The Smart Soft Advancedexport software versions prior to 4.4.7 have an insecure permissions issue that allows unauthenticated attackers to access and download sensitive user information from the ps_customer table. This vulnerability poses a significant risk to data confidentiality, potentially leading to unauthorized access to customer data for malicious purposes.

References

https://security.friendsofpresta.org/modules/2023/11/07/a...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 7, 2023
Vulnerability Reserved
Sep 25, 2023

CVE-2023-43984 Data

JSON