CVE-2024-36682
June 24, 2024, 10:15 p.m.
Tags
Product(s) Impacted
PrestaShop Theme settings (pk_themesettings) module
- <= 1.8.8
Description
In the module "Theme settings" (pk_themesettings) <= 1.8.8 from Promokit.eu for PrestaShop, a guest can download all email collected while SHOP is in maintenance mode. Due to a lack of permissions control, a guest can access the txt file which collect email when maintenance is enable which can lead to leak of personal information.
Weaknesses
Date
Published: June 24, 2024, 10:15 p.m.
Last Modified: June 24, 2024, 10:15 p.m.
Status : Received
CVE has been recently published to the CVE List and has been received by the NVD.
More infoSource
cve@mitre.org
References
https://security.friendsofpresta.org/
cve@mitre.org