CVE-2021-21308

Published: Feb 26, 2021Modified: Nov 21, 2024

9.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Exploitability: 3.9 / Impact: 5.2

Source: NVD

Description

PrestaShop is a fully scalable open source e-commerce solution. In PrestaShop before version 1.7.2 the soft logout system is not complete and an attacker is able to foreign request and executes customer commands. The problem is fixed in 1.7.7.2

Affected (1)

Products: Prestashop: Prestashop

Prestashop

1 product

Prestashop

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Prestashop Prestashop	After 1.5.0.0 to 1.7.7.2

Related CWEs

CWE-287

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (6)

https://github.com/PrestaShop/PrestaShop/commit/2f673bd93e313f08c35e74decc105f40dc0b7dee

Source: security-advisories@github.com

PatchThird Party Advisory

https://github.com/PrestaShop/PrestaShop/releases/tag/1.7.7.2

Source: security-advisories@github.com

Release NotesThird Party Advisory

https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-557h-hf3c-whcg

Source: security-advisories@github.com

Third Party Advisory

https://github.com/PrestaShop/PrestaShop/commit/2f673bd93e313f08c35e74decc105f40dc0b7dee

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://github.com/PrestaShop/PrestaShop/releases/tag/1.7.7.2

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesThird Party Advisory

https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-557h-hf3c-whcg

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.