CVE-2024-36682

June 24, 2024, 10:15 p.m.

Product(s) Impacted

PrestaShop Theme settings (pk_themesettings) module

  • <= 1.8.8

Description

In the module "Theme settings" (pk_themesettings) <= 1.8.8 from Promokit.eu for PrestaShop, a guest can download all email collected while SHOP is in maintenance mode. Due to a lack of permissions control, a guest can access the txt file which collect email when maintenance is enable which can lead to leak of personal information.

Weaknesses

Date

Published: June 24, 2024, 10:15 p.m.

Last Modified: June 24, 2024, 10:15 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

cve@mitre.org

References