Description

In PrestaShop between versions 1.7.0.0 and 1.7.6.5, there are improper access controls on product page with combinations, attachments and specific prices. The problem is fixed in 1.7.6.5.

Remediation

References

CVE-2020-5293

Related Vulnerabilities

WordPress Plugin Toolset Types-Custom Post Types, Custom Fields and Taxonomies Cross-Site Scripting (1.8.7.2)

WordPress Plugin Newsletter-Send awesome emails from WordPress Cross-Site Scripting (6.7.6)

WordPress Plugin Anti-Malware Security and Brute-Force Firewall Cross-Site Scripting (1.2.05.20)

SugarCRM Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2023-35811)

WordPress Plugin Cart66 Lite::WordPress Ecommerce Multiple Vulnerabilities (1.5.1.14)

Severity

Medium

Classification

CVE-2020-5293 CWE-863 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities