Moderate severity · NVD Advisory · Published Sep 28, 2023 · Updated Sep 20, 2024
Improper Privilege Management in Prestashop
CVE-2023-43663
Description
PrestaShop is an open source e-commerce web application. In affected versions, any module can be disabled or uninstalled from the back office, even by a user with low rights. This allows low-privileged users to disable portions of a shop's functionality. Commit ce1f6708 addresses this issue and is included in version 8.1.2. Users are advised to upgrade. There are no known workarounds for this issue.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| prestashop/prestashop (Packagist) | < 8.1.2 | 8.1.2 |
Affected products
- Range: < 8.1.2
References
- github.com/advisories/GHSA-6jmf-2pfc-q9m7 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2023-43663 (ghsa, ADVISORY)
- github.com/PrestaShop/PrestaShop/commit/ce1f67083537194e974caf86c57e547a0aaa46cd (ghsa, x_refsource_MISC, WEB)
- github.com/PrestaShop/PrestaShop/security/advisories/GHSA-6jmf-2pfc-q9m7 (ghsa, x_refsource_CONFIRM, WEB)