N/A

An Insecure Direct Object Reference (IDOR) vulnerability was found in Prestashop Opart devis < 4.0.2. Unauthenticated attackers can have access to any user's invoice and delivery address by exploiting an IDOR on the delivery_address and invoice_address fields.

N/A

N/A

Prestashop 输入验证错误漏洞

Prestashop是美国Prestashop公司的一套开源的电子商务解决方案。该方案提供多种支付方式、短消息提醒和商品图片缩放等功能。 Prestashop Opart devis 4.0.2之前版本存在输入验证错误漏洞，该漏洞允许未经身份验证的攻击者可以通过利用送货地址和发票地址字段上的IDOR访问任何用户的发票和送货地址。

N/A

N/A