CVE-2023-43663 MEDIUM

CVE-2023-43663: Improper Privilege Management in PrestaShop

Vendor Prestashop
Product PrestaShop
Weakness CWE-269
Published September 28, 2023
Last update September 20, 2024

CVSS base score

6.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01 Description

PrestaShop is an open-source e-commerce web application. In affected versions, any module can be disabled or uninstalled from the back office, even by a user with low rights. This allows low-privileged users to disable portions of a shop's functionality. Commit `ce1f6708` addresses this issue and is included in version 8.1.2. Users are advised to upgrade. There are no known workarounds for this issue.

Key dates

02 Disclosure timeline

September 28, 2023 CVE published
September 20, 2024 Record updated