CVE-2021-21308

Summary

PrestaShop is a fully scalable open source e-commerce solution. In PrestaShop before version 1.7.2 the soft logout system is not complete and an attacker is able to foreign request and executes customer commands. The problem is fixed in 1.7.7.2

Affected Software

VendorProductVersion RangeStatus
PrestaShopPrestaShop>= 1.5.0, < 1.7.7.2affected

Weaknesses

  • CWE-287: CWE-287: Improper Authentication

ADP Enrichment

CVE Program Container

Additional References

References