CVE-2019-13461 - Authorization Bypass Through User-Controlled Key vulnerability in PrestaShop
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: NONE
- Confidentiality impact: HIGH
- Integrity impact: NONE
- Availability impact: NONE
Summary
In PrestaShop before 1.7.6.0 RC2, the id_address_delivery and id_address_invoice parameters are affected by an Insecure Direct Object Reference vulnerability due to a guessable value sent to the web application during checkout. An attacker could leak personal customer information. This is PrestaShop bug #14444.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- https://assets.prestashop2.com/en/system/files/ps_releases/changelog_1.7.6.0-rc2.txt
- https://blog.hacktivesecurity.com/index.php?controller=post&action=view&id_post=40