PrestaShop fixes bug that lets any backend user delete databases

26-Apr-23

PrestaShop, an open-source e-commerce platform, has published a new version that fixes a significant vulnerability that allowed any back-office user, regardless of their rights, to write, edit, or delete SQL databases. Those having access to the website’s administrative interface are known as back-office users, and they include the owner, administrators, salespeople, customer service representatives, order processors, data entry workers, and others.

A key security element of PrestaShop is that each user’s permissions are configured so that they can only access the data and functions required for their role. The vulnerability affects all PrestaShop installations starting with version 8.0.3 and does not have a fix.

Read More…