CVE-2023-46350

Name of the Vulnerable Software and Affected Versions PrestaShop versions 2.0.4 and before

Description The issue allows remote attackers to escalate privileges and obtain sensitive information. This is achieved via the methods IdxrmanufacturerFunctions::getCornersLink, IdxrmanufacturerFunctions::getManufacturersLike, and IdxrmanufacturerFunctions::getSuppliersLike in the InnovaDeluxe "Manufacturer or supplier alphabetical search" (idxrmanufacturer) module.

Recommendations For PrestaShop versions 2.0.4 and before, consider disabling the IdxrmanufacturerFunctions::getCornersLink, IdxrmanufacturerFunctions::getManufacturersLike, and IdxrmanufacturerFunctions::getSuppliersLike functions until a patch is available to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.