PT-2023-19956 · Unknown · Prestashop

Matthieu-Rolland · Published 2023-03-13 · Updated 2024-03-06 · CVE-2023-25170

CVSS v3.1: 5.0 (Medium)
Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions: PrestaShop versions prior to 8.0.1
Description: PrestaShop is an open source e-commerce web application that is vulnerable to cross-site request forgery (CSRF). When authenticating users, PrestaShop preserves session attributes and does not clear CSRF tokens upon login. This might enable same-site attackers to bypass the CSRF protection mechanism by performing an attack similar to session fixation.
Recommendations: For versions prior to 8.0.1, update to version 8.0.1 to resolve the issue. As a temporary workaround, consider clearing CSRF tokens upon login to prevent same-site attackers from bypassing the CSRF protection mechanism. Restrict access to sensitive areas of the application to minimize the risk of exploitation.
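The weakness the advisory describes and the recommended mitigation, as an added PHP illustration that is not PrestaShop's code: the first login handler carries the anonymous session's CSRF token unchanged into the authenticated session, the second rotates the session id and issues a fresh token at login. Function names and the session key `csrf_token` are assumptions.

```php
<?php
// Added illustration, not PrestaShop code. Shows a login that keeps the
// pre-authentication CSRF token (the advisory's pattern) beside one that
// rotates both the session id and the token on successful login.
declare(strict_types=1);

function issueCsrfToken(): string
{
    // 256-bit random token, hex-encoded, bound to the current session.
    $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    return $_SESSION['csrf_token'];
}

function csrfTokenIsValid(?string $submitted): bool
{
    if (!isset($_SESSION['csrf_token']) || $submitted === null) {
        return false;
    }
    // Constant-time comparison so the check does not leak timing information.
    return hash_equals($_SESSION['csrf_token'], $submitted);
}

// Vulnerable pattern: session attributes set before authentication, the
// CSRF token included, survive login unchanged.
function loginPreservingSession(int $userId): void
{
    $_SESSION['user_id'] = $userId;
    // csrf_token from the anonymous session is still accepted afterwards.
}

// Hardened pattern: migrate to a fresh session id (destroying the old one)
// and discard every token that existed before the user authenticated.
function loginRotatingSession(int $userId): void
{
    session_regenerate_id(true);    // new id, old session data destroyed
    unset($_SESSION['csrf_token']); // pre-login token is no longer valid
    $_SESSION['user_id'] = $userId;
    issueCsrfToken();               // token the authenticated forms will carry
}

// Request flow: a state-changing POST is accepted only when the submitted
// token matches the one bound to the current (post-login) session.
session_start();
if ($_SERVER['REQUEST_METHOD'] === 'POST'
    && !csrfTokenIsValid($_POST['csrf_token'] ?? null)) {
    http_response_code(403);
    exit('invalid CSRF token');
}
```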


Related Identifiers

BIT-PRESTASHOP-2023-25170
CVE-2023-25170
GHSA-3G43-X7QR-96PH

Affected Products

Prestashop