CVE-2023-46355

N/A

In the module "CSV Feeds PRO" (csvfeeds) < 2.6.1 from Bl Modules for PrestaShop, a guest can download personal information without restriction. Due to too permissive access control which does not force administrator to use password on feeds, a guest can access exports from the module which can lead to leaks of personal information from ps_customer / ps_order table such as name / surname / email / phone number / postal address.

N/A

N/A

PrestaShop 安全漏洞

PrestaShop是美国PrestaShop公司的一套开源的电子商务解决方案。该方案提供多种支付方式、短消息提醒和商品图片缩放等功能。 PrestaShop CSV feeds Pro 2.6.1之前版本存在安全漏洞，该漏洞源于由于访问控制过于宽松，不会强制管理员使用密码，访客可以访问模块的导出，这可能导致 ps_customer / ps_order 表中的个人信息泄露，攻击者利用该漏洞可以不受限制地下载个人信息。

N/A

N/A