PT-2023-29537 · Prestashop · Order Duplicator Module

Published: 2023-11-07 · Updated: 2024-09-05 · CVE-2023-45380

CVSS v3.1: 9.1 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions: Order Duplicator module for PrestaShop, versions <= 1.1.7

Description: Because the module lacks permission checks, a guest can download personal information without restriction. The exposed data comes from the ps_customer and ps_address tables and includes name, surname, phone number, and full postal address.

Recommendations: For versions <= 1.1.7, update to a version greater than 1.1.7 to resolve the issue. As a temporary workaround, consider restricting access to the Order Duplicator module until a patch is available. Additionally, restrict access to the ps_customer and ps_address tables to minimize the risk of exploitation.

Fix

IDOR

Weakness Enumeration

Related Identifiers: CVE-2023-45380

Affected Products: Order Duplicator Module