CVE-2020-15079

In PrestaShop from version 1.5.0.0 and before version 1.7.6.6, there is improper access control in Carrier page, Module Manager and Module Positions. The problem is fixed in version 1.7.6.6

Published: Jul 2, 2020
Updated: Apr 13, 2023
CVE: CVE-2020-15079
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.4
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CVSS v2:

Severity: Medium
Score: 5.5
AV:N/AC:L/Au:S/C:P/I:P/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
prestashop / prestashop	1.5.0.0.x	1.7.6.6

https://github.com/PrestaShop/PrestaShop/commit/8833d9504cc5d69a2a6d10197f56f0c11443cbfa
https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-xp3x-3h8q-c386

Vulnerability Database

290,273

CVE-2020-15079