Description
In PrestaShop before 1.7.6.0 RC2, the id_address_delivery and id_address_invoice parameters are affected by an Insecure Direct Object Reference vulnerability due to a guessable value sent to the web application during checkout. An attacker could leak personal customer information. This is PrestaShop bug #14444.
Remediation
References
Related Vulnerabilities
PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2010-2531)
MySQL CVE-2022-21331 Vulnerability (CVE-2022-21331)
Squid Improper Input Validation Vulnerability (CVE-2021-31808)
Apache HTTP Server CVE-2002-0392 Vulnerability (CVE-2002-0392)
Apache HTTP Server CVE-2007-3304 Vulnerability (CVE-2007-3304)