{"vulnerability": "cve-2023-25170", "sightings": [{"uuid": "aa0e5001-708c-4a3f-b233-a1437f654a50", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-25170", "type": "seen", "source": "https://t.me/cibsecurity/59912", "content": "\u203c CVE-2023-25170 \u203c\n\nPrestaShop is an open source e-commerce web application that, prior to version 8.0.1, is vulnerable to cross-site request forgery (CSRF). When authenticating users, PrestaShop preserves session attributes. Because this does not clear CSRF tokens upon login, this might enable same-site attackers to bypass the CSRF protection mechanism by performing an attack similar to a session-fixation. The problem is fixed in version 8.0.1.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-13T19:23:14.000000Z"}]}