First published: Mon Mar 13 2023
PrestaShop is an open source e-commerce web application that, prior to version 8.0.1, is vulnerable to cross-site request forgery (CSRF). When authenticating users, PrestaShop preserves existing session attributes. Because CSRF tokens are not cleared upon login, a token issued to the unauthenticated session remains valid afterwards, which might enable same-site attackers to bypass the CSRF protection mechanism by performing an attack similar to session fixation. The problem is fixed in version 8.0.1.
Credit: security-advisories@github.com
Affected Software | Affected Version | How to fix
---|---|---
PrestaShop PrestaShop | <8.0.1 | Update to 8.0.1 or later
CVE-2023-25170 is a cross-site request forgery (CSRF) vulnerability in PrestaShop, an open source e-commerce web application, affecting versions prior to 8.0.1.
CVE-2023-25170 has a severity level of 8.8 (high).
CVE-2023-25170 affects PrestaShop versions prior to 8.0.1, allowing same-site attackers to perform cross-site request forgery (CSRF) attacks.
To fix CVE-2023-25170 in PrestaShop, it is recommended to update to version 8.0.1 or later, which addresses the vulnerability.
You can find more information about CVE-2023-25170 in the official advisory by PrestaShop: https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-3g43-x7qr-96ph
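The advisory's root cause is that a CSRF token created for the unauthenticated session survives login. The following added example (not PrestaShop's code; it uses a minimal in-memory session model and hypothetical `login_*` functions constructed for illustration) contrasts that pattern with a login that starts a fresh session, so a token known before authentication is rejected afterwards:

```python
import secrets


class Session:
    """Minimal in-memory session (constructed for this example, not PrestaShop's code)."""

    def __init__(self):
        self.id = secrets.token_hex(16)
        self.attrs = {}  # holds e.g. "csrf_token" and "user_id"


def csrf_token(session):
    """Lazily issue the anti-CSRF token and store it as a session attribute."""
    if "csrf_token" not in session.attrs:
        session.attrs["csrf_token"] = secrets.token_urlsafe(32)
    return session.attrs["csrf_token"]


def csrf_check(session, submitted):
    """Constant-time comparison of a submitted token against the session's token."""
    expected = session.attrs.get("csrf_token")
    return expected is not None and secrets.compare_digest(expected, submitted)


def login_preserving_attrs(session, user_id):
    """Pattern described in the advisory: the user is marked authenticated, but every
    pre-authentication attribute, including the CSRF token, is kept as-is."""
    session.attrs["user_id"] = user_id
    return session


def login_rotating(session, user_id):
    """Hardened pattern: a privilege change starts a fresh session. Only the identity
    is carried over; the session id and the CSRF token are regenerated."""
    fresh = Session()
    fresh.attrs["user_id"] = user_id
    csrf_token(fresh)  # new token bound to the authenticated session
    return fresh


def stale_token_accepted(login):
    """Does a token issued before login still pass the CSRF check after login?"""
    pre = Session()
    stale = csrf_token(pre)  # token from the unauthenticated session
    post = login(pre, user_id=42)
    return csrf_check(post, stale)


if __name__ == "__main__":
    print("preserving attrs accepts stale token:", stale_token_accepted(login_preserving_attrs))
    print("rotating on login accepts stale token:", stale_token_accepted(login_rotating))
```

Regenerating the session (and with it the token) on every authentication or privilege change is the general mitigation; the check `stale_token_accepted` is the kind of regression test that would catch the preserved-attribute behaviour.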