Samuel Bodevin

**Name of the Vulnerable Software and Affected Versions** PrestaShop version 8.1.5 **Description** PrestaShop is an open source e-commerce web application. The issue allows any invoice to be downloaded from the front-office in anonymous mode by supplying a random `secure key` parameter in the url. **Recommendations** For PrestaShop version 8.1.5, upgrade to version 8.1.6 to resolve the issue. As a temporary workaround, consider restricting access to invoice downloads until the patch is applied.