CVE-2020-15080

Summary

In PrestaShop from version 1.7.4.0 and before version 1.7.6.6, some files should not be in the release archive, and others should not be accessible. The problem is fixed in version 1.7.6.6 A possible workaround is to make sure composer.json and docker-compose.yml are not accessible on your server.

Affected Software

VendorProductVersion RangeStatus
PrestaShopPrestaShop>= 1.7.4.0, <1.7.6.6affected

Weaknesses

  • CWE-200: {"CWE-200":"Exposure of Sensitive Information to an Unauthorized Actor"}

ADP Enrichment

CVE Program Container

Additional References

References