Lucene search

CVE-2024-34717 Anonymous PrestaShop customer can download other customers' invoices

🗓️ 14 May 2024 15:27:47Reported by GitHub_MType

Anonymous PrestaShop customers can download other customers' invoices in version 8.1.

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 8
NVD	CVE-2024-34717	14 May 202416:17	–	nvd
CVE	CVE-2024-34717	14 May 202416:17	–	cve
OSV	CVE-2024-34717	14 May 202416:17	–	osv
OSV	BIT-PRESTASHOP-2024-34717	24 May 202407:31	–	osv
OSV	GHSA-7PJR-2RGH-FC5G Anonymous PrestaShop customer can download other customers' invoices	14 May 202420:17	–	osv
Github Security Blog	Anonymous PrestaShop customer can download other customers' invoices	14 May 202420:17	–	github
Vulnrichment	CVE-2024-34717 Anonymous PrestaShop customer can download other customers' invoices	14 May 202415:47	–	vulnrichment
Veracode	Insecure Direct Object Reference (IDOR)	15 May 202406:29	–	veracode

[
  {
    "vendor": "PrestaShop",
    "product": "PrestaShop",
    "versions": [
      {
        "version": "= 8.1.5",
        "status": "affected"
      }
    ]
  }
]

Source	Link
github	www.github.com/PrestaShop/PrestaShop/security/advisories/GHSA-7pjr-2rgh-fc5g
github	www.github.com/PrestaShop/PrestaShop/releases/tag/8.1.6

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

14 May 2024 15:47Current

5.4Medium risk

Vulners AI Score5.4

CVSS35.3

EPSS0.00064

CWE-200