PT-2024-21958 · Prestashop · Apaczka Plugin
Jakub Przepiór +1 · Published 2024-04-04 · Updated 2024-11-20 · CVE-2024-2759
CVSS v3.1: 7.5 High
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Apaczka plugin for PrestaShop versions v1 through v4
Description
The issue is related to improper access control in the Apaczka plugin for PrestaShop, allowing unauthorized information gathering from saved templates without the need for authentication.
Recommendations
For Apaczka plugin for PrestaShop versions v1 through v4, consider restricting access to saved templates until a proper fix is applied.
As a temporary workaround, restrict access to the template saving functionality to minimize the risk of exploitation.
Avoid using the Apaczka plugin for PrestaShop until the issue is resolved.
Fix
Files Accessible to External Parties
Weakness Enumeration
Related Identifiers
Affected Products
Apaczka Plugin