Vulnerabilities > CVE-2023-46352 - Missing Authorization vulnerability in Smartmodules Facebookconversiontrackingplus 2.4.8
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
In the module "Pixel Plus: Events + CAPI + Pixel Catalog for Facebook Module" (facebookconversiontrackingplus) up to version 2.4.9 from Smart Modules for PrestaShop, a guest can download personal information without restriction. Due to a lack of permissions control, a guest can access exports from the module which can lead to a leak of personal information from ps_customer table such as name / surname / email.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |
Common Weakness Enumeration (CWE)
References
- https://addons.prestashop.com/en/analytics-statistics/18739-pixel-plus-events-capi-pixel-catalog-for-facebook.html
- https://addons.prestashop.com/en/analytics-statistics/18739-pixel-plus-events-capi-pixel-catalog-for-facebook.html
- https://security.friendsofpresta.org/modules/2023/10/31/facebookconversiontrackingplus.html
- https://security.friendsofpresta.org/modules/2023/10/31/facebookconversiontrackingplus.html