Description

In PrestaShop between versions 1.7.0.0 and 1.7.6.5, there are improper access controls on product page with combinations, attachments and specific prices. The problem is fixed in 1.7.6.5.

Remediation

References

CVE-2020-5293

Related Vulnerabilities

Oracle Database Server CVE-2007-2109 Vulnerability (CVE-2007-2109)

MySQL CVE-2022-39403 Vulnerability (CVE-2022-39403)

WordPress Plugin Video Gallery /w YouTube, Vimeo Arbitrary File Upload (8.48)

Magento XML Injection (aka Blind XPath Injection) Vulnerability (CVE-2022-34253)

PHP Permissions, Privileges, and Access Controls Vulnerability (CVE-2015-2348)

Severity

Medium

Classification

CVE-2020-5293 CWE-863 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities