E-commerce

In PrestaShop version 8.1.5 a medium severity vulnerability CVE-2024-34717 was detected. A flaw in the invoice system lets anyone access private invoices by tweaking the URL with a random secure key. This risks data breaches and financial discrepancies. Patched in version 8.1.6 with no known workarounds. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-34717

In PrestaShop version 8.1.5 a medium severity vulnerability CVE-2024-34717 was detected. This vulnerability allows any invoice to be downloaded anonymously by using a random secure_key in the URL. This issue is fixed in version 8.1.6, and no workarounds are known. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-34717.

In Vault a low severity vulnerability CVE-2024-5798 was detected. This vulnerability allows attackers to log in to the system with the wrong credentials. To address this issue, users need to update to Vault and Vault Enterprise 1.17.0, 1.16.3, and 1.15.9. For more details, visit https://www.cvedetails.com/cve/CVE-2024-5798/.

In WooCommerce version 5.0.4 a medium severity vulnerability CVE-2024-35748 was detected. This vulnerability allows attackers to get access without an authorization check. There is no solution yet. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-35748/.