Home > Vulnerability Database > CVE-2023-43664

Mend.io Vulnerability Database

CVE-2023-43664

Date: September 28, 2023

PrestaShop is an Open Source e-commerce web application. In the Prestashop Back office interface, an employee can list all modules without any access rights: method "ajaxProcessGetPossibleHookingListForModule" doesn't check access rights. This issue has been addressed in commit "15bd281c" which is included in version 8.1.2. Users are advised to upgrade. There are no known workaround for this issue.

Language: PHP

Severity Score

4.3

Related Resources (5)

Url: https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-gvrg-62jp-rf7j

Url: https://github.com/PrestaShop/PrestaShop

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-43664

Url: https://github.com/PrestaShop/PrestaShop/commit/15bd281c18f032a5134a8d213b44d24829d45762

Url: https://www.mend.io/vulnerability-database/CVE-2023-43664

Severity Score

4.3

Weakness Type (CWE)

Improper Privilege Management

CWE-269

CVSS v3.1

Base Score:	4.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-43664

Date: September 28, 2023

Language: PHP

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?