CVE-2020-15079

State: PUBLISHED · Published: 2020-07-02 · Updated: 2024-08-04 · Assigner: GitHub_M

Description

In PrestaShop from version 1.5.0.0 and before version 1.7.6.6, there is improper access control in Carrier page, Module Manager and Module Positions. The problem is fixed in version 1.7.6.6

CWE

CWE-284 — {"CWE-284":"Improper Access Control"}

Affected

PrestaShop / PrestaShop — v=>= 1.5.0.0, < 1.7.6.6 [affected]

CVSS

3.1 score=6.4 severity=MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

References

https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-xp3x-3h8q-c386 x_refsource_CONFIRM
https://github.com/PrestaShop/PrestaShop/commit/8833d9504cc5d69a2a6d10197f56f0c11443cbfa x_refsource_MISC

Source

cvelistV5-main/cves/2020/15xxx/CVE-2020-15079.json