CVE-2023-45380 Information

Description

In the module \Order Duplicator \ Clone and Delete Existing Order\ (orderduplicate) in version <= 1.1.7 from Silbersaiten for PrestaShop a guest can download personal information without restriction. Due to a lack of permissions control a guest can download personal information from ps_customer/ps_address tables such as name / surname / phone number / full postal address.

Reference

https://security.friendsofpresta.org/modules/2023/11/07/orderduplicate.html