In PrestaShop from version 1.5.0.0 and before version 1.7.6.6, the authentication system is malformed and an attacker is able to forge requests and execute admin commands. The problem is fixed in 1.7.6.6.
References
Link | Resource |
---|---|
https://github.com/PrestaShop/PrestaShop/commit/30b6a7bdaca9cb940d3ce462906dbb062499fc30 | Patch Third Party Advisory |
https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-ccvh-jh5x-mpg4 | Third Party Advisory |
https://github.com/PrestaShop/PrestaShop/commit/30b6a7bdaca9cb940d3ce462906dbb062499fc30 | Patch Third Party Advisory |
https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-ccvh-jh5x-mpg4 | Third Party Advisory |
Configurations
History
21 Nov 2024, 05:32
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 10.0
v3 : 8.9 |
References | () https://github.com/PrestaShop/PrestaShop/commit/30b6a7bdaca9cb940d3ce462906dbb062499fc30 - Patch, Third Party Advisory | |
References | () https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-ccvh-jh5x-mpg4 - Third Party Advisory |
Information
Published : 2020-07-02 17:15
Updated : 2024-11-21 05:32
NVD link : CVE-2020-4074
Mitre link : CVE-2020-4074
CVE.ORG link : CVE-2020-4074
JSON object : View
Products Affected
prestashop
- prestashop
CWE
CWE-287
Improper Authentication