In the module "CSV Feeds PRO" (csvfeeds) < 2.6.1 from Bl Modules for PrestaShop, a guest can download personal information without restriction. Due to too permissive access control which does not force administrator to use password on feeds, a guest can access exports from the module which can lead to leaks of personal information from ps_customer / ps_order table such as name / surname / email / phone number / postal address.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2023-11-27T00:00:00
Updated: 2024-08-02T20:45:41.591Z
Reserved: 2023-10-23T00:00:00
Link: CVE-2023-46355
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-11-27T23:15:07.520
Modified: 2024-11-21T08:28:21.423
Link: CVE-2023-46355
Redhat
No data.