In the module "CSV Feeds PRO"... CVE-2023-46355

- AV AC AU C I A
发布: 2023-11-27
修订: 2023-12-01

In the module "CSV Feeds PRO" (csvfeeds) < 2.6.1 from Bl Modules for PrestaShop, a guest can download personal information without restriction. Due to too permissive access control which does not force administrator to use password on feeds, a guest can access exports from the module which can lead to leaks of personal information from ps_customer / ps_order table such as name / surname / email / phone number / postal address.

暂无可用Exp或PoC
当前有1条受影响产品信息