First published: Thu Feb 04 2021
An Insecure Direct Object Reference (IDOR) vulnerability was found in Prestashop Opart devis < 4.0.2. Unauthenticated attackers can access any user's invoice and delivery address by exploiting an IDOR on the delivery_address and invoice_address fields.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Store-opart Quote | <4.0.2 | |
The severity of CVE-2020-16194 is medium (5.3).
The CVE-2020-16194 vulnerability in Prestashop Opart devis < 4.0.2 allows unauthenticated attackers to access any user's invoice and delivery address.
Using an Insecure Direct Object Reference (IDOR) vulnerability, an attacker can exploit CVE-2020-16194 to gain access to a user's invoice and delivery address by manipulating the delivery_address and invoice_address fields.
An Insecure Direct Object Reference (IDOR) vulnerability is a type of security flaw where an application exposes a reference to an internal implementation object, such as a database record or file, without proper authorization checks.
Updating Prestashop Opart devis to version 4.0.2 or later fixes the CVE-2020-16194 vulnerability.