In PrestaShop prior to 1.7.6.0 RC2, the id_address_delivery and id_address_invoice parameters are affected by an Insecure Direct Object Reference vulnerability due to a guessable value sent to the web application during checkout. An attacker could leak personal customer information. This is PrestaShop bug #14444.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
prestashop prestashop 1.7.6.0 |
||
prestashop prestashop |