Vulnerabilities > CVE-2023-46354 - Missing Authorization vulnerability in Myprestamodules Orders (Csv, Excel) Export PRO

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

myprestamodules

CWE-862

NVD

Published: 2023-12-06

Updated: 2023-12-09

Summary

In the module "Orders (CSV, Excel) Export PRO" (ordersexport) < 5.2.0 from MyPrestaModules for PrestaShop, a guest can download personal information without restriction. Due to a lack of permissions control, a guest can access exports from the module which can lead to a leak of personal information from ps_customer/ps_address tables such as name / surname / email / phone number / full postal address.

Vulnerable Configurations

Part	Description	Count
Application	Myprestamodules Myprestamodules Orders (Csv, Excel) Export PRO 1.0.3 Myprestamodules Orders (Csv, Excel) Export PRO 1.0.4 Myprestamodules Orders (Csv, Excel) Export PRO 1.0.6 Myprestamodules Orders (Csv, Excel) Export PRO 1.0.7 Myprestamodules Orders (Csv, Excel) Export PRO 1.0.8 Myprestamodules Orders (Csv, Excel) Export PRO 1.1.0 Myprestamodules Orders (Csv, Excel) Export PRO 5.1.0 Myprestamodules Orders (Csv, Excel) Export PRO 5.1.1 Myprestamodules Orders (Csv, Excel) Export PRO 5.1.2 Myprestamodules Orders (Csv, Excel) Export PRO 5.1.3 Myprestamodules Orders (Csv, Excel) Export PRO 5.1.5 Myprestamodules Orders (Csv, Excel) Export PRO 5.1.6	12

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

https://security.friendsofpresta.org/modules/2023/11/28/ordersexport.html