CVE-2023-46352

HIGH

PrestaShop facebookconversiontrackingplus <2.4.9 - Info Disclosure

Title source: llm
STIX 2.1

Description

In the module "Pixel Plus: Events + CAPI + Pixel Catalog for Facebook Module" (facebookconversiontrackingplus) up to version 2.4.9 from Smart Modules for PrestaShop, a guest can download personal information without restriction. Due to a lack of permissions control, a guest can access exports from the module which can lead to a leak of personal information from ps_customer table such as name / surname / email.

Scores

CVSS v3 7.5
EPSS 0.0047
EPSS Percentile 37.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-862
Status published
Products (1)
smartmodules/facebookconversiontrackingplus < 2.4.9
Published Nov 02, 2023
Tracked Since Feb 18, 2026