Vulnerabilities > CVE-2023-48926 - Missing Authorization vulnerability in Prestashop Advanced Loyalty Program

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

NONE

network

low complexity

prestashop

CWE-862

NVD

Published: 2024-01-16

Updated: 2024-01-23

Summary

An issue in 202 ecommerce Advanced Loyalty Program: Loyalty Points before v2.3.4 for PrestaShop allows unauthenticated attackers to arbitrarily change an order status.

Vulnerable Configurations

Part	Description	Count
Application	Prestashop Prestashop Advanced Loyalty Program *	1

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

https://github.com/202ecommerce/security-advisories/security/advisories/GHSA-jp2c-mj65-qpmw