CVE-2023-43663: 
PHP vulnerability analysis and mitigation

PrestaShop, an Open Source e-commerce web application, was found to contain a security vulnerability (CVE-2023-43663) that allows low-privileged users to disable or uninstall any module from the back office. This vulnerability was discovered and disclosed on September 28, 2023, affecting all PrestaShop versions prior to 8.1.2 (GitHub Advisory, NVD).

The vulnerability is classified as an Improper Privilege Management issue (CWE-269). It received a CVSS v3.1 Base Score of 6.3 MEDIUM (Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L) from GitHub, and 4.3 MEDIUM (Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N) from NVD. The vulnerability allows users with low privileges to disable portions of a shop's functionality through unauthorized module management (NVD).

The vulnerability enables low-privileged users to disable or uninstall any module from the back office, potentially disrupting critical shop functionality. This could lead to significant operational impacts on the e-commerce platform's functionality and security (GitHub Advisory).

The vulnerability has been addressed in PrestaShop version 8.1.2 with commit ce1f6708. Users are strongly advised to upgrade to this version or later. There are no known workarounds for this security issue (NVD, GitHub Advisory).