Security advisory > CVE-2023-28843


Which versions are affected by this vulnerability?

If you are on PrestaShop 1.7 or 8+, the vulnerability is not present. Versions 3.12.0 to 3.16.3 of the PayPal Official module are impacted.

The version that fixes the vulnerability is 3.16.4. Version 3.17.0 is also fixed.

How to verify if my module is vulnerable?

Reminder: on PrestaShop 1.7 or 8+, the vulnerability is not present.

We have developed a module that detects if the vulnerability is present and can patch the file.

  1. Download the file paypalcvefixer.zip attached to this article.
  2. Install the module in your back office by downloading the ZIP file obtained in the previous step.
  3. Once installed, click on "Configure".
  4. An orange message will appear to indicate that patching is required, or a green message will appear if everything is OK.
  5. Don't forget to remove this "fixer" module after

Where can I find the technical details of the vulnerability?

For technical details and recommendations:

https://github.com/202ecommerce/paypal/security/advisories/GHSA-66pc-8gh8-mx7m


How to contact the support team?

For any question about the PayPal Official module, please contact our support team by filling in this form.

Credit

The hoster TouchWeb.fr found the vulnerability.
We would like to say thank you.