CVE-2020-15079

Published: Jul 2, 2020Modified: Nov 21, 2024

5.4

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.5

Source: NVD

Description

In PrestaShop from version 1.5.0.0 and before version 1.7.6.6, there is improper access control in Carrier page, Module Manager and Module Positions. The problem is fixed in version 1.7.6.6

Affected (1)

Products: Prestashop: Prestashop

Prestashop

1 product

Prestashop

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Prestashop Prestashop	After 1.5.0.0 to 1.7.6.6

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (4)

https://github.com/PrestaShop/PrestaShop/commit/8833d9504cc5d69a2a6d10197f56f0c11443cbfa

Source: security-advisories@github.com

PatchThird Party Advisory

https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-xp3x-3h8q-c386

Source: security-advisories@github.com

Third Party Advisory

https://github.com/PrestaShop/PrestaShop/commit/8833d9504cc5d69a2a6d10197f56f0c11443cbfa

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-xp3x-3h8q-c386

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.