In the module "Order Duplicator " Clone and Delete Existing Order" (orderduplicate) in version <= 1.1.7 from Silbersaiten for PrestaShop, a guest can download personal information without restriction. Due to a lack of permissions control, a guest can download personal information from ps_customer/ps_address tables such as name / surname / phone number / full postal address.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-11-07T00:00:00

Updated: 2024-09-05T14:30:05.022Z

Reserved: 2023-10-09T00:00:00

Link: CVE-2023-45380

cve-icon Vulnrichment

Updated: 2024-08-02T20:21:16.363Z

cve-icon NVD

Status : Modified

Published: 2023-11-07T23:15:07.780

Modified: 2024-11-21T08:26:51.660

Link: CVE-2023-45380

cve-icon Redhat

No data.