Description
In PrestaShop from version 1.5.0.0 and before version 1.7.6.6, the authentication system is malformed and an attacker is able to forge requests and execute admin commands. The problem is fixed in 1.7.6.6.
Remediation
References
Related Vulnerabilities
Perl Other Vulnerability (CVE-2011-0761)
Magento Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2019-7888)
WordPress Plugin WP Easy Gallery 'select_gallery' Parameter Cross-Site Scripting (1.7)
WordPress Plugin Akeeba Backup CORE for WordPress Arbitrary File Upload (1.1.3)
PostgreSQL Improper Control of Dynamically-Managed Code Resources Vulnerability (CVE-2022-2625)