CVE-2020-16194

Published: Feb 4, 2021Modified: Jan 27, 2026

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

An Insecure Direct Object Reference (IDOR) vulnerability was found in Prestashop Opart devis < 4.0.2. Unauthenticated attackers can have access to any user's invoice and delivery address by exploiting an IDOR on the delivery_address and invoice_address fields.

Affected (1)

Products: Store Opart: Op'art Devis

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Store Opart Op'art Devis	Before 4.0.2

Related CWEs

Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

References (2)

https://github.com/login-securite/CVE/blob/main/CVE-2020-16194.md

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/login-securite/CVE/blob/main/CVE-2020-16194.md

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.