Uninstall modules from backoffice, even with low rights

Moderate

jolelievre published GHSA-6jmf-2pfc-q9m7

Sep 28, 2023

Package

prestashop/prestashop (Composer)

Affected versions

< 8.1.1

Patched versions

8.1.2

Description

Impact

Any module can be disabled or uninstalled from back office, even with low user right.

Patches

8.1.2

Workarounds

none

References

Severity

Moderate

6.7

/ 10

CVSS base metrics

Attack vector

Network

Attack complexity

Low

Privileges required

High

User interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

High

Availability

High

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H