CVE-2024-36682

HIGH Year: 2024
CVSS v3 Score
7.5
High
Weakness Type
CWE-359
View all →

Vulnerability Description

In the module "Theme settings" (pk_themesettings) <= 1.8.8 from Promokit.eu for PrestaShop, a guest can download all email collected while SHOP is in maintenance mode. Due to a lack of permissions control, a guest can access the txt file which collect email when maintenance is enable which can lead to leak of personal information.

Related Vulnerabilities

CVE-2021-36723

HIGH
CVSS:7.5(High)

Emuse - eServices / eNvoice Exposure Of Private Personal Information due to lack of identification mechanisms and predictable IDs an attacker can scrape all the files on the service.

CWE-3592021

CVE-2022-36091

HIGH
CVSS:7.5(High)

XWiki Platform Web Templates are templates for XWiki Platform, a generic wiki platform. Through the suggestion feature, string and list properties of objects the user shouldn't have access to can be a...

CWE-3592022

CVE-2022-41936

HIGH
CVSS:7.5(High)

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The `modifications` rest endpoint does not filter out entries according to the user's rights. T...

CWE-3592022

CVE-2023-2703

HIGH
CVSS:7.5(High)

Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Finex Media Competition Management System allows Retrieve Embedded Sensitive Data, Collect Data as Provided by Users....

CWE-3592023

CVE-2023-35151

HIGH
CVSS:7.5(High)

XWiki Platform is a generic wiki platform. Starting in version 7.3-milestone-1 and prior to versions 14.4.8, 14.10.6, and 15.1, ny user can call a REST endpoint and obtain the obfuscated passwords, ev...

CWE-3592023

CVE-2023-5983

HIGH
CVSS:7.5(High)

Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Botanik Software Pharmacy Automation allows Retrieve Embedded Sensitive Data.This issue affects Pharmacy Automation: ...

CWE-3592023