CVE-2023-43663

MEDIUM Year: 2023
CVSS v3 Score
4.3
Medium
Weakness Type
CWE-269
View all →

Vulnerability Description

PrestaShop is an Open Source e-commerce web application. In affected versions any module can be disabled or uninstalled from back office, even with low user right. This allows low privileged users to disable portions of a shops functionality. Commit `ce1f6708` addresses this issue and is included in version 8.1.2. Users are advised to upgrade. There are no known workarounds for this issue.

Related Vulnerabilities

CVE-2015-9390

MEDIUM
CVSS:4.3(Medium)

The admin-management-xtended plugin before 2.4.0.1 for WordPress has privilege escalation because wp_ajax functions are mishandled.

CWE-2692015

CVE-2017-10857

MEDIUM
CVSS:4.3(Medium)

Cybozu Office 10.0.0 to 10.6.1 allows authenticated attackers to bypass access restriction to perform arbitrary actions via "Cabinet" function.

CWE-2692017

CVE-2017-1326

MEDIUM
CVSS:4.3(Medium)

IBM Sterling File Gateway does not properly restrict user requests based on permission level. This allows for users to update data related to other users, by manipulating the parameters passed in the ...

CWE-2692017

CVE-2017-15014

MEDIUM
CVSS:4.3(Medium)

OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows authenticated users to download arbitrary content files regardle...

CWE-2692017

CVE-2017-2094

MEDIUM
CVSS:4.3(Medium)

Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Workflow and the "MultiReport" function to alter or delete information via unspecified vectors.

CWE-2692017

CVE-2017-6954

MEDIUM
CVSS:4.3(Medium)

An issue was discovered in includes/component.php in the BuddyPress Docs plugin before 1.9.3 for WordPress. It is possible for authenticated users to edit documents of other users without proper permi...

CWE-2692017