Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
PrestaShop has a time based enumeration in FO login form
Vulnerability Description
PrestaShop is an open source e-commerce web application. Prior to 8.2.4 and 9.0.3, there is a time-based user enumeration vulnerability in the user authentication functionality of PrestaShop. This vulnerability allows an attacker to determine whether a customer account exists in the system by measuring response times. This vulnerability is fixed in 8.2.4 and 9.0.3.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
通过时间差异性导致的信息暴露
Vulnerability Title
PrestaShop 安全漏洞
Vulnerability Description
PrestaShop是美国PrestaShop公司的一套开源的电子商务解决方案。该方案提供多种支付方式、短消息提醒和商品图片缩放等功能。 PrestaShop 8.2.4之前版本和9.0.3之前版本存在安全漏洞,该漏洞源于用户身份验证功能中存在基于时间的用户枚举漏洞,允许攻击者通过测量响应时间来确定系统中是否存在客户账户。
CVSS Information
N/A
Vulnerability Type
N/A