PT-2023-28909 · Unknown · Prestashop

Jolelievre · Published 2023-09-28 · Updated 2024-03-06 · CVE-2023-43664

CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions: PrestaShop versions prior to 8.1.2

Description: The issue affects the PrestaShop back office interface, where an employee without any access rights can list all modules because the method ajaxProcessGetPossibleHookingListForModule does not check access rights. This issue has been addressed in a commit included in version 8.1.2.

Recommendations: For versions prior to 8.1.2, upgrade to version 8.1.2 to resolve the issue. As a temporary workaround, consider restricting access to the ajaxProcessGetPossibleHookingListForModule method until the upgrade is applied.

Exploit

Fix

Weakness Enumeration

Improper Privilege Management

Related Identifiers

BIT-PRESTASHOP-2023-43664
CVE-2023-43664
GHSA-GVRG-62JP-RF7J

Affected Products

Prestashop