Description
PrestaShop is an Open Source e-commerce web application. In affected versions any module can be disabled or uninstalled from back office, even with low user right. This allows low privileged users to disable portions of a shops functionality. Commit `ce1f6708` addresses this issue and is included in version 8.1.2. Users are advised to upgrade. There are no known workarounds for this issue.
Remediation
References
Related Vulnerabilities
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-0217)
WordPress Plugin Fathom Analytics Cross-Site Scripting (3.0.4)
Jboss EAP CVE-2023-4061 Vulnerability (CVE-2023-4061)
WordPress Plugin Sendit WP Newsletter 'submit.php' Blind SQL Injection (1.5.9)
WordPress Plugin Video Gallery-Vimeo and YouTube Gallery Cross-Site Scripting (1.1.4)