Jolelievre

**Name of the Vulnerable Software and Affected Versions** PrestaShop versions prior to 8.1.2 **Description** PrestaShop is an Open Source e-commerce web application. In affected versions, any module can be disabled or uninstalled from the back office, even with low user rights. This allows low privileged users to disable portions of a shop's functionality. **Recommendations** For versions prior to 8.1.2, upgrade to version 8.1.2 to resolve the issue. As a temporary workaround, consider restricting access to the back office for low privileged users until the upgrade is applied. There are no known workarounds for this issue other than upgrading to the fixed version.

**Name of the Vulnerable Software and Affected Versions** PrestaShop versions prior to 8.1.2 **Description** The issue concerns the PrestaShop Back office interface, where an employee can list all modules without any access rights due to the method `ajaxProcessGetPossibleHookingListForModule` not checking access rights. This issue has been addressed in a commit included in version 8.1.2. **Recommendations** For versions prior to 8.1.2, upgrade to version 8.1.2 to resolve the issue. As a temporary workaround, consider restricting access to the `ajaxProcessGetPossibleHookingListForModule` method until the upgrade is applied.

**Name of the Vulnerable Software and Affected Versions** PrestaShop versions 1.6.x through 1.6.1.22 PrestaShop versions 1.7.x through 1.7.4.3 **Description** The issue allows remote attackers to write to arbitrary image files. **Recommendations** For PrestaShop versions 1.6.x through 1.6.1.22, update to version 1.6.1.23 or later. For PrestaShop versions 1.7.x through 1.7.4.3, update to version 1.7.4.4 or later.