Back

CVE-2024-36677

June 19, 2024, 9:15 p.m.

Received
CVE has been recently published to the CVE List and has been received by the NVD.

Products

PrestaShop

  • <1.2.7

Source

cve@mitre.org

Tags

cve@mitre.org
2024-06-19
CVE-2024-36677

CVE-2024-36677 details

Published : June 19, 2024, 9:15 p.m.
Last Modified : June 19, 2024, 9:15 p.m.

Description

In the module "Login as customer PRO" (loginascustomerpro) <1.2.7 from Weblir for PrestaShop, a guest can access direct link to connect to each customer account of the Shop if the module is not installed OR if a secret accessible to administrator is stolen.

CVSS Score

1 2 3 4 5 6 7 8 9 10

Weakness

Weakness Name Description

References

URL Source
https://security.friendsofpresta.org/modules/2024/06/18/loginascustomerpro.html cve@mitre.org
This website uses the NVD API, but is not approved or certified by it.