Moderate severity · NVD Advisory · Published Sep 28, 2023 · Updated Sep 20, 2024
Improper Privilege Management in Prestashop
CVE-2023-43663
Description
PrestaShop is an open source e-commerce web application. In affected versions, any module can be disabled or uninstalled from the back office, even with low user rights. This allows low-privileged users to disable portions of a shop's functionality. Commit ce1f6708 addresses this issue and is included in version 8.1.2. Users are advised to upgrade. There are no known workarounds for this issue.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| prestashop/prestashop (Packagist) | < 8.1.2 | 8.1.2 |
Affected products
- osv-coords: 2 versions, < 8.1.2 (+ 1 more)
- (no CPE) range: < 8.1.2
- (no CPE) range: < 8.1.2
- Range: < 8.1.2
References
- github.com/advisories/GHSA-6jmf-2pfc-q9m7 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2023-43663 (ghsa, ADVISORY)
- github.com/PrestaShop/PrestaShop/commit/ce1f67083537194e974caf86c57e547a0aaa46cd (ghsa, x_refsource_MISC, WEB)
- github.com/PrestaShop/PrestaShop/security/advisories/GHSA-6jmf-2pfc-q9m7 (ghsa, x_refsource_CONFIRM, WEB)