CVE-2023-43663

Summary

PrestaShop is an Open Source e-commerce web application. In affected versions any module can be disabled or uninstalled from back office, even with low user right. This allows low privileged users to disable portions of a shops functionality. Commit ce1f6708 addresses this issue and is included in version 8.1.2. Users are advised to upgrade. There are no known workarounds for this issue.

Affected Software

VendorProductVersion RangeStatus
PrestaShopPrestaShop< 8.1.2affected

Weaknesses

  • CWE-269: CWE-269: Improper Privilege Management

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References