Vulnerability Description
In PrestaShop from version 1.6.0.1 and before version 1.7.6.6, the dashboard allows rewriting all configuration variables. The problem is fixed in 1.7.6.6
CVSS Score
7.1
HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Prestashop | Prestashop | >= 1.6.0.1, < 1.7.6.6 |
References
- https://github.com/PrestaShop/PrestaShop/commit/0f0d6238169a79d94f5ef28d24e60a9bPatchThird Party Advisory
- https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-mc98-xjm3-c4fmThird Party Advisory
- https://github.com/PrestaShop/PrestaShop/commit/0f0d6238169a79d94f5ef28d24e60a9bPatchThird Party Advisory
- https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-mc98-xjm3-c4fmThird Party Advisory
FAQ
What is CVE-2020-15082?
CVE-2020-15082 is a vulnerability with a CVSS score of 7.1 (HIGH). In PrestaShop from version 1.6.0.1 and before version 1.7.6.6, the dashboard allows rewriting all configuration variables. The problem is fixed in 1.7.6.6
How severe is CVE-2020-15082?
CVE-2020-15082 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-15082?
Check the references section above for vendor advisories and patch information. Affected products include: Prestashop Prestashop.