Lucene search
HistoryMay 04, 2023 - 10:15 p.m.
CVE-2023-30282
prestashop
scexportcustomers
vulnerability
unauthorized access
personal information
customer table
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
0.001
Percentile
43.0%
PrestaShop scexportcustomers <= 3.6.1 is vulnerable to Incorrect Access Control. Due to a lack of permissions’ control, a guest can access exports from the module which can lead to leak of personal information from customer table.
Affected configurations
Node
prestashopscexportcustomersRange≤3.6.1prestashop
| Vendor | Product | Version | CPE |
|---|---|---|---|
| prestashop | scexportcustomers | * | cpe:2.3:a:prestashop:scexportcustomers:*:*:*:*:*:prestashop:*:* |
Related
cvelist
cvelist
CVE-2023-30282
2023-05-04 00:00:00
cve
cve
CVE-2023-30282
2023-05-04 22:15:09
prion
prion
Improper access control
2023-05-04 22:15:00
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
0.001
Percentile
43.0%
Related for NVD:CVE-2023-30282