CVE-2023-43664: Improper Privilege Management
PrestaShop is an Open Source e-commerce web application. In the Prestashop Back office interface, an employee can list all modules without any access rights: method ajaxProcessGetPossibleHookingListForModule
does not check access rights. This issue has been addressed in commit 15bd281c
which is included in version 8.1.2. Users are advised to upgrade. There are no known workaround for this issue.
References
Detect and mitigate CVE-2023-43664 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →