CVE-2019-13461

Name of the Vulnerable Software and Affected Versions PrestaShop versions prior to 1.7.6.0 RC2

Description The issue allows an attacker to leak personal customer information due to an Insecure Direct Object Reference vulnerability. This is caused by guessable values sent to the web application during checkout, specifically affecting the id address delivery and id address invoice parameters.

Recommendations For versions prior to 1.7.6.0 RC2, update to version 1.7.6.0 RC2 or later to resolve the issue. As a temporary workaround, consider restricting access to the checkout process to minimize the risk of exploitation. Avoid using the id address delivery and id address invoice parameters in sensitive transactions until the issue is resolved.