VYPR
Moderate severityNVD Advisory· Published May 14, 2024· Updated Aug 2, 2024

Anonymous PrestaShop customer can download other customers' invoices

CVE-2024-34717

Description

PrestaShop is an open source e-commerce web application. In PrestaShop 8.1.5, any invoice can be downloaded from front-office in anonymous mode, by supplying a random secure_key parameter in the url. This issue is patched in version 8.1.6. No known workarounds are available.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
prestashop/prestashopPackagist
>= 8.1.5, < 8.1.68.1.6

Affected products

3

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.