Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In the module "CSV Feeds PRO" (csvfeeds) < 2.6.1 from Bl Modules for PrestaShop, a guest can download personal information without restriction. Due to too permissive access control which does not force administrator to use password on feeds, a guest can access exports from the module which can lead to leaks of personal information from ps_customer / ps_order table such as name / surname / email / phone number / postal address.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
PrestaShop 安全漏洞
Vulnerability Description
PrestaShop是美国PrestaShop公司的一套开源的电子商务解决方案。该方案提供多种支付方式、短消息提醒和商品图片缩放等功能。 PrestaShop CSV feeds Pro 2.6.1之前版本存在安全漏洞,该漏洞源于由于访问控制过于宽松,不会强制管理员使用密码,访客可以访问模块的导出,这可能导致 ps_customer / ps_order 表中的个人信息泄露,攻击者利用该漏洞可以不受限制地下载个人信息。
CVSS Information
N/A
Vulnerability Type
N/A