CVE-2020-15079
6.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Summary
In PrestaShop from version 1.5.0.0 and before version 1.7.6.6, there is improper access control in Carrier page, Module Manager and Module Positions. The problem is fixed in version 1.7.6.6
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| PrestaShop | PrestaShop | >= 1.5.0.0, < 1.7.6.6 | affected |
Weaknesses
- CWE-284: {"CWE-284":"Improper Access Control"}
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-xp3x-3h8q-c386
- https://github.com/PrestaShop/PrestaShop/commit/8833d9504cc5d69a2a6d10197f56f0c11443cbfa
References
- https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-xp3x-3h8q-c386
- https://github.com/PrestaShop/PrestaShop/commit/8833d9504cc5d69a2a6d10197f56f0c11443cbfa
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.