logo

Database

Excessive privileges In prestashop/prestashop

Description

PrestaShop allows users to uninstall modules from backoffice, even with low rights

Impact

Any module can be disabled or uninstalled from back office, even with low user right.

Patches

8.1.2

Workarounds

none

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2023-436632. NVD-2023-436633. OSV-2023-436634. GHSA-6jmf-2pfc-q9m75. GCVE-2023-43663

References

1. https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-6jmf-2pfc-q9m72. https://github.com/PrestaShop/PrestaShop/commit/ce1f67083537194e974caf86c57e547a0aaa46cd

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.