PrestaShop: Unauthenticated Invoice Downloads via Secure_Key Exploit - Proactive Insights and Support For Open-Source Applications

In PrestaShop version 8.1.5 a medium severity vulnerability CVE-2024-34717 was detected. This vulnerability allows any invoice to be downloaded anonymously by using a random secure_key in the URL. This issue is fixed in version 8.1.6, and no workarounds are known. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-34717.