Description

In PrestaShop from version 1.5.0.0 and before version 1.7.6.6, there is improper access control in Carrier page, Module Manager and Module Positions. The problem is fixed in version 1.7.6.6

Remediation

References

CVE-2020-15079

Related Vulnerabilities

WordPress Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2008-0615)

WordPress Plugin Yandex.News Feed by Teplitsa Cross-Site Scripting (1.12.5)

Plone CMS URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2017-1000481)

PrestaShop Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2020-15080)

WordPress 2.8.2 Multiple Security Bypass Vulnerabilities (2.0 - 2.8.2)

Severity

Medium

Classification

CVE-2020-15079 CWE-287 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities