CVE-2024-24309
HIGHecomiz survey_tma < 2.0.0 - Unauthenticated Exposure of Sensitive Information
Title source: llmDescription
In the module "Survey TMA" (ecomiz_survey_tma) up to version 2.0.0 from Ecomiz for PrestaShop, a guest can download personal information without restriction.
References (2)
Core 2
Core References
Patch, Third Party Advisory
https://security.friendsofpresta.org/modules/2024/02/20/ecomiz_survey_tma.html
Product
https://www.ecomiz.com/
Scores
CVSS v3
7.5
EPSS
0.0058
EPSS Percentile
43.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-200
Status
published
Products (1)
ecomiz/survey_tma
< 2.0.0
Published
Feb 23, 2024
Tracked Since
Feb 18, 2026