Jump to content

security issue on prestashop multistore and employees


ibnadl
 Share

Recommended Posts

hello,
when i was today testin the multistore in prestashop i found i Bug,
so when i creeat 2 shop and 2 employees for these shops (one for shop and the shops ar not at the some groupe)
when i do this, and lets employees to add and edit employees at there shop, i found that the employee 1 can edit employee 2 and changing password, then entring to shop 2. just by changing emlpyees id on the adress link.
note that the list of employees chown before making change are the employees assocciated to shop 1
 

Share this post


Link to post
Share on other sites

  • 1 year later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...

Important Information

Cookies ensure the smooth running of our services. Using these, you accept the use of cookies. Learn More