Description
In PrestaShop before 1.7.6.0 RC2, the id_address_delivery and id_address_invoice parameters are affected by an Insecure Direct Object Reference vulnerability due to a guessable value sent to the web application during checkout. An attacker could leak personal customer information. This is PrestaShop bug #14444.
Remediation
References
Related Vulnerabilities
Atlassian Jira CVE-2021-26076 Vulnerability (CVE-2021-26076)
WordPress Plugin LearnDash LMS SQL Injection (4.5.3)
WordPress 5.1.x Multiple Vulnerabilities (5.1 - 5.1.11)
Dotclear Other Vulnerability (CVE-2005-3963)
PostgreSQL Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-0766)