CVE-2024-34717
CVE-2024-34717 affects PrestaShop 8.1.5, where any invoice can be downloaded from the front office in anonymous mode by supplying a random secure_key in the URL. The root cause is inadequate access control (Insecure Direct Object Reference) that permits access to invoices without authentication. The ...