CVE-2023-46354

Name of the Vulnerable Software and Affected Versions Orders (CSV, Excel) Export PRO module for PrestaShop versions prior to 5.2.0

Description The issue allows a guest to download personal information without restriction due to a lack of permissions control. This can lead to a leak of personal information from tables such as ps customer and ps address, including details like name, surname, email, phone number, and full postal address.

Recommendations For versions prior to 5.2.0, update to version 5.2.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the module's export functionality to prevent unauthorized downloads of personal information.