Insecure Direct Object Reference vulnerability in PrestaShop before 1.7.6.0 RC2 (PrestaShop bug #14444) allows for customer information leakage during checkout.

CVE-2019-13461 · MEDIUM Severity

AV:N/AC:L/Au:N/C:P/I:N/A:N

In PrestaShop before 1.7.6.0 RC2, the id_address_delivery and id_address_invoice parameters are affected by an Insecure Direct Object Reference vulnerability due to a guessable value sent to the web application during checkout. An attacker could leak personal customer information. This is PrestaShop bug #14444.
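The missing control here is an ownership check on the submitted address ids. The following is an added illustration, not PrestaShop's code and not the actual fix: the in-memory address store, the function names and the customer ids are hypothetical and constructed for this example; only the two parameter names come from the advisory.

```php
<?php
declare(strict_types=1);

// Constructed sample data: address id => owning customer and stored details.
const ADDRESSES = [
    101 => ['id_customer' => 7, 'line' => 'Constructed address of customer 7'],
    102 => ['id_customer' => 8, 'line' => 'Constructed address of customer 8'],
];

// Vulnerable pattern: the id from the request is trusted as-is, so any
// existing id yields its record regardless of who is logged in.
function loadAddressUnchecked(int $idAddress): ?array
{
    return ADDRESSES[$idAddress] ?? null;
}

// Hardened pattern: the record is returned only when it belongs to the
// customer bound to the authenticated session.
function loadAddressForCustomer(int $idAddress, int $sessionCustomerId): ?array
{
    $address = ADDRESSES[$idAddress] ?? null;
    if ($address === null || $address['id_customer'] !== $sessionCustomerId) {
        return null; // same answer for "missing" and "not yours": no id oracle
    }
    return $address;
}

// Check both checkout parameters named in the advisory before using them.
function resolveCheckoutAddresses(array $request, int $sessionCustomerId): array
{
    $resolved = [];
    foreach (['id_address_delivery', 'id_address_invoice'] as $param) {
        $id = filter_var($request[$param] ?? null, FILTER_VALIDATE_INT);
        $address = $id === false ? null : loadAddressForCustomer($id, $sessionCustomerId);
        if ($address === null) {
            throw new RuntimeException("Rejected $param");
        }
        $resolved[$param] = $address;
    }
    return $resolved;
}

// Constructed request: customer 7 sends one id they own and one they do not.
$request = ['id_address_delivery' => '101', 'id_address_invoice' => '102'];
var_dump(loadAddressUnchecked(102) !== null); // the unchecked lookup has no owner test
try {
    resolveCheckoutAddresses($request, 7);
} catch (RuntimeException $e) {
    echo $e->getMessage(), PHP_EOL;           // the checked path refuses the request
}
```

Logging each rejection with the session's customer id gives a detection signal: a run of rejected, sequential address ids from one session is what enumeration of a guessable identifier looks like.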
