Insecure Direct Object Reference vulnerability in PrestaShop before 1.7.6.0 RC2 (PrestaShop bug #14444) allows for customer information leakage during checkout.
CVE-2019-13461 · MEDIUM Severity
AV:N/AC:L/AU:N/C:P/I:N/A:N
In PrestaShop before 1.7.6.0 RC2, the id_address_delivery and id_address_invoice parameters are affected by an Insecure Direct Object Reference vulnerability due to a guessable value sent to the web application during checkout. An attacker could leak personal customer information. This is PrestaShop bug #14444.
Learn more about our Web App Pen Testing.