๐ Improper access control with submitReorder function
๐ก Newskategorie: Sicherheitslรผcken
๐ Quelle: portal.patchman.co
An attacker was able to list all the orders placed on the website without being logged by abusing the function that allowed a shopping cart to be recreated from an order already placed.
This vulnerability affects the following application versions:
- PrestaShop 1.7.0.0
- PrestaShop 1.7.0.0 beta1
- PrestaShop 1.7.0.0 beta2
- PrestaShop 1.7.0.0 beta3
- PrestaShop 1.7.0.0 RC0
- PrestaShop 1.7.0.0 RC1
- PrestaShop 1.7.0.0 RC2
- PrestaShop 1.7.0.0 RC3
- PrestaShop 1.7.0.1
- PrestaShop 1.7.0.2
- PrestaShop 1.7.0.3
- PrestaShop 1.7.0.4
- PrestaShop 1.7.0.5
- PrestaShop 1.7.0.6
- PrestaShop 1.7.1.0
- PrestaShop 1.7.1.0 beta1
- PrestaShop 1.7.1.1
- PrestaShop 1.7.1.2
- PrestaShop 1.7.2.0
- PrestaShop 1.7.2.0 RC 1
- PrestaShop 1.7.2.1
- PrestaShop 1.7.2.2
- PrestaShop 1.7.2.3
- PrestaShop 1.7.2.4
- PrestaShop 1.7.2.5
- PrestaShop 1.7.3.0
- PrestaShop 1.7.3.0 beta 1
- PrestaShop 1.7.3.0 RC 1
- PrestaShop 1.7.3.1
- PrestaShop 1.7.3.2
- PrestaShop 1.7.3.3
- PrestaShop 1.7.3.4
- PrestaShop 1.7.4.0
- PrestaShop 1.7.4.0 beta 1
- PrestaShop 1.7.4.1
- PrestaShop 1.7.4.2
- PrestaShop 1.7.4.3
- PrestaShop 1.7.4.4
- PrestaShop 1.7.5.0
- PrestaShop 1.7.5.0 beta 1
- PrestaShop 1.7.5.0 RC 1
- PrestaShop 1.7.5.1
- PrestaShop 1.7.5.2
- PrestaShop 1.7.6.0
- PrestaShop 1.7.6.0 beta 1
- PrestaShop 1.7.6.0 RC 1
- PrestaShop 1.7.6.0 RC 2
- PrestaShop 1.7.6.1
- PrestaShop 1.7.6.2
- PrestaShop 1.7.6.3
- PrestaShop 1.7.6.4
- PrestaShop 1.7.6.4 1
- PrestaShop 1.7.6.5
- PrestaShop 1.7.6.5 1
- PrestaShop 1.7.6.6
- PrestaShop 1.7.6.7
- PrestaShop 1.7.6.8