Vulnerability: Unauthorized Module Disabling in PrestaShop

Vulnerability: Unauthorized Module Disabling in PrestaShop

CVE-2023-43663 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

PrestaShop is an Open Source e-commerce web application. In affected versions any module can be disabled or uninstalled from back office, even with low user right. This allows low privileged users to disable portions of a shops functionality. Commit `ce1f6708` addresses this issue and is included in version 8.1.2. Users are advised to upgrade. There are no known workarounds for this issue.

Learn more about our Cis Benchmark Audit For Microsoft Office.