Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-15079

In PrestaShop from version 1.5.0.0 and before version 1.7.6.6, there is improper access control in Carrier page, Module Manager and Module Positions. The problem is fixed in version 1.7.6.6

Published

2020-07-02T17:15:12.107

Last Modified

2024-11-21T05:04:46.063

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.4 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:P/I:P/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

8.0

Impact Score

4.9

Weaknesses

Type: Secondary
CWE-284
Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	prestashop	prestashop	< 1.7.6.6	Yes

References

https://github.com/PrestaShop/PrestaShop/commit/8833d9504cc5d69a2a6d10197f56f0c11443cbfa Patch, Third Party Advisory ([email protected])
https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-xp3x-3h8q-c386 Third Party Advisory ([email protected])
https://github.com/PrestaShop/PrestaShop/commit/8833d9504cc5d69a2a6d10197f56f0c11443cbfa Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-xp3x-3h8q-c386 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)