Description
In PrestaShop from version 1.5.0.0 and before version 1.7.6.6, the authentication system is malformed and an attacker is able to forge requests and execute admin commands. The problem is fixed in 1.7.6.6.
Remediation
References
Related Vulnerabilities
Perl Out-of-bounds Write Vulnerability (CVE-2018-6797)
WordPress Plugin Events Shortcodes For The Events Calendar Cross-Site Scripting (1.7.1)
WordPress Plugin LearnPress-WordPress LMS SQL Injection (3.2.6.7)
WordPress Plugin Fancy Slideshows Security Bypass (2.4)
WordPress Plugin AVH Extended Categories Widgets SQL Injection (4.0.0)