Vulnerability Description
In PrestaShop before version 1.7.6.9 an attacker is able to list all the orders placed on the website without being logged by abusing the function that allows a shopping cart to be recreated from an order already placed. The problem is fixed in 1.7.6.9.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Prestashop | Prestashop | < 1.7.6.9 |
Related Weaknesses (CWE)
References
- https://github.com/PrestaShop/PrestaShop/commit/709d9afab7bdba1de5d7225a40e4f28cExploitThird Party Advisory
- https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-frf2-c9q3-qg9mThird Party Advisory
- https://github.com/PrestaShop/PrestaShop/commit/709d9afab7bdba1de5d7225a40e4f28cExploitThird Party Advisory
- https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-frf2-c9q3-qg9mThird Party Advisory
FAQ
What is CVE-2020-26224?
CVE-2020-26224 is a vulnerability with a CVSS score of 7.5 (HIGH). In PrestaShop before version 1.7.6.9 an attacker is able to list all the orders placed on the website without being logged by abusing the function that allows a shopping cart to be recreated from an o...
How severe is CVE-2020-26224?
CVE-2020-26224 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-26224?
Check the references section above for vendor advisories and patch information. Affected products include: Prestashop Prestashop.