In PrestaShop from version 1.5.0.0 and before version 1.7.6.6, the authentication system is malformed and an attacker is able to forge requests and execute admin commands. The problem is fixed in 1.7.6.6.
References
Link | Resource |
---|---|
https://github.com/PrestaShop/PrestaShop/commit/30b6a7bdaca9cb940d3ce462906dbb062499fc30 | Patch Third Party Advisory |
https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-ccvh-jh5x-mpg4 | Third Party Advisory |
Configurations
History
No history.
Information
Published : 2020-07-02 17:15
Updated : 2024-02-28 17:47
NVD link : CVE-2020-4074
Mitre link : CVE-2020-4074
CVE.ORG link : CVE-2020-4074
JSON object : View
Products Affected
prestashop
- prestashop
CWE
CWE-287
Improper Authentication