CVE-2023-46352
HIGHPrestaShop facebookconversiontrackingplus <2.4.9 - Info Disclosure
Title source: llmDescription
In the module "Pixel Plus: Events + CAPI + Pixel Catalog for Facebook Module" (facebookconversiontrackingplus) up to version 2.4.9 from Smart Modules for PrestaShop, a guest can download personal information without restriction. Due to a lack of permissions control, a guest can access exports from the module which can lead to a leak of personal information from ps_customer table such as name / surname / email.
References (2)
Core 2
Scores
CVSS v3
7.5
EPSS
0.0047
EPSS Percentile
37.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-862
Status
published
Products (1)
smartmodules/facebookconversiontrackingplus
< 2.4.9
Published
Nov 02, 2023
Tracked Since
Feb 18, 2026