Prestashop · Prestashop · CVE-2020-26224
**Name of the Vulnerable Software and Affected Versions**
PrestaShop versions prior to 1.7.6.9
**Description**
The issue allows an attacker to list all orders placed on a website without being logged in by exploiting a function that recreates a shopping cart from an already placed order.
**Recommendations**
For PrestaShop versions prior to 1.7.6.9, update to version 1.7.6.9 to resolve the issue.