Description

In PrestaShop before 1.7.6.0 RC2, the id_address_delivery and id_address_invoice parameters are affected by an Insecure Direct Object Reference vulnerability due to a guessable value sent to the web application during checkout. An attacker could leak personal customer information. This is PrestaShop bug #14444.

Remediation

References

CVE-2019-13461

Related Vulnerabilities

WordPress Plugin IGIT Posts Slider Widget 'src' Parameter Cross-Site Scripting (1.0)

WordPress Plugin WP Source Control Directory Traversal (3.0.0)

WordPress Plugin Woocommerce User Email Verification Security Bypass (3.3.0)

Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-5432)

WordPress Plugin Share Buttons by AddThis Cross-Site Scripting (4.0.7)

Severity

High

Classification

CVE-2019-13461 CWE-639 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities