CVE-2023-43664

PrestaShop is an Open Source e-commerce web application. In the Prestashop Back office interface, an employee can list all modules without any access rights: method ajaxProcessGetPossibleHookingListForModule doesn't check access rights. This issue has been addressed in commit 15bd281c which is included in version 8.1.2. Users are advised to upgrade. There are no known workaround for this issue.

Published: Sep 28, 2023
Updated: May 10, 2024
CVE: CVE-2023-43664
GHSA: GHSA-gvrg-62jp-rf7j
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.3
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWEs:

CWE-269

Affected Software
References

Software	From	Fixed in
prestashop / prestashop	-	8.1.2
prestashop / prestashop	-	8.1.2

https://github.com/PrestaShop/PrestaShop/commit/15bd281c18f032a5134a8d213b44d24829d45762
https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-gvrg-62jp-rf7j

Vulnerability Database

289,784

CVE-2023-43664