Vulnerability Details CVE-2023-46355
In the module "CSV Feeds PRO" (csvfeeds) < 2.6.1 from Bl Modules for PrestaShop, a guest can download personal information without restriction. Due to too permissive access control which does not force administrator to use password on feeds, a guest can access exports from the module which can lead to leaks of personal information from ps_customer / ps_order table such as name / surname / email / phone number / postal address.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 26.3%
CVSS Severity
CVSS v3 Score 5.3
References
Products affected by CVE-2023-46355
-
cpe:2.3:a:blmodules:csv_feeds_pro:2.5.2