Description
PrestaShop is an Open Source e-commerce web application. In affected versions any module can be disabled or uninstalled from back office, even with low user right. This allows low privileged users to disable portions of a shops functionality. Commit `ce1f6708` addresses this issue and is included in version 8.1.2. Users are advised to upgrade. There are no known workarounds for this issue.
Remediation
References
Related Vulnerabilities
WordPress Plugin YITH Maintenance Mode Multiple Cross-Site Scripting Vulnerabilities (1.3.8)
e107 Other Vulnerability (CVE-2006-2590)
phpBB Improper Input Validation Vulnerability (CVE-2006-2220)
Apache Tomcat CVE-2018-1305 Vulnerability (CVE-2018-1305)
WordPress Plugin vSlider Multi Image Slider for WordPress Arbitrary File Upload (4.1.2)