2 matches found
CVE-2020-26224
CVE-2020-26224 affects PrestaShop versions before 1.7.6.9. An attacker can list all orders on the site without authentication by abusing the function that recreates a shopping cart from an existing order, constituting an improper access control issue. The problem is fixed in version 1.7.6.9. Conn...
CVE-2020-26224 Improper Access Control in PrestaShop
In PrestaShop before version 1.7.6.9 an attacker is able to list all the orders placed on the website without being logged by abusing the function that allows a shopping cart to be recreated from an order already placed. The problem is fixed in 1.7.6.9...