CVE-2021-21308
6.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
PrestaShop is a fully scalable open source e-commerce solution. In PrestaShop before version 1.7.2 the soft logout system is not complete and an attacker is able to foreign request and executes customer commands. The problem is fixed in 1.7.7.2
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| PrestaShop | PrestaShop | >= 1.5.0, < 1.7.7.2 | affected |
Weaknesses
- CWE-287: CWE-287: Improper Authentication
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/PrestaShop/PrestaShop/releases/tag/1.7.7.2
- https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-557h-hf3c-whcg
- https://github.com/PrestaShop/PrestaShop/commit/2f673bd93e313f08c35e74decc105f40dc0b7dee
References
- https://github.com/PrestaShop/PrestaShop/releases/tag/1.7.7.2
- https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-557h-hf3c-whcg
- https://github.com/PrestaShop/PrestaShop/commit/2f673bd93e313f08c35e74decc105f40dc0b7dee
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.