CVE-2020-4074

Summary

In PrestaShop from version 1.5.0.0 and before version 1.7.6.6, the authentication system is malformed and an attacker is able to forge requests and execute admin commands. The problem is fixed in 1.7.6.6.

Affected Software

VendorProductVersion RangeStatus
PrestaShopPrestaShop>= 1.5.0.0, < 1.7.6.6affected

Weaknesses

  • CWE-287: CWE-287: Improper Authentication

ADP Enrichment

CVE Program Container

Additional References

References