PrestaShop modules can be disabled by low-privileged users (Fixed in 8.1.2)
CVE-2023-43663 Published on September 28, 2023
Improper Privilege Management in Prestashop
PrestaShop is an Open Source e-commerce web application. In affected versions any module can be disabled or uninstalled from back office, even with low user right. This allows low privileged users to disable portions of a shops functionality. Commit `ce1f6708` addresses this issue and is included in version 8.1.2. Users are advised to upgrade. There are no known workarounds for this issue.
Vulnerability Analysis
CVE-2023-43663 can be exploited with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be low. considered to have a small impact on confidentiality and integrity and availability.
Weakness Type
Improper Privilege Management
The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
Products Associated with CVE-2023-43663
Want to know whenever a new CVE is published for PrestaShop? stack.watch will email you.
Affected Versions
PrestaShop Version < 8.1.2 is affected by CVE-2023-43663Vulnerable Packages
The following package name and versions may be associated with CVE-2023-43663
| Package Manager | Vulnerable Package | Versions | Fixed In |
|---|---|---|---|
| composer | prestashop/prestashop | < 8.1.2 | 8.1.2 |
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.