VDB
KO
MEDIUM 5.0

GHSA-3g43-x7qr-96ph

Possible CSRF token fixation

Details

### Impact When authenticating users PrestaShop preserves session attributes. Because this does not clear CSRF tokens upon login, this might enables `same-site attackers` to bypass the CSRF protection mechanism by performing an attack similar to a session-fixation.

### Patches The problem is fixed in version 8.0.1

Are you affected?

Enter the version of the package you're using.

Affected packages

Packagist / prestashop/prestashop
Introduced in: 0 Fixed in: 8.0.1
Fix composer require prestashop/prestashop:^8.0.1

References