Vulnerability Description
In PrestaShop from version 1.5.0.0 and before version 1.7.6.6, there is improper access control in Carrier page, Module Manager and Module Positions. The problem is fixed in version 1.7.6.6
CVSS Score
6.4
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Prestashop | Prestashop | < 1.7.6.6 |
Related Weaknesses (CWE)
References
- https://github.com/PrestaShop/PrestaShop/commit/8833d9504cc5d69a2a6d10197f56f0c1PatchThird Party Advisory
- https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-xp3x-3h8q-c386Third Party Advisory
- https://github.com/PrestaShop/PrestaShop/commit/8833d9504cc5d69a2a6d10197f56f0c1PatchThird Party Advisory
- https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-xp3x-3h8q-c386Third Party Advisory
FAQ
What is CVE-2020-15079?
CVE-2020-15079 is a vulnerability with a CVSS score of 6.4 (MEDIUM). In PrestaShop from version 1.5.0.0 and before version 1.7.6.6, there is improper access control in Carrier page, Module Manager and Module Positions. The problem is fixed in version 1.7.6.6
How severe is CVE-2020-15079?
CVE-2020-15079 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-15079?
Check the references section above for vendor advisories and patch information. Affected products include: Prestashop Prestashop.