Vulnerability Description
In PrestaShop from version 1.5.0.0 and before version 1.7.6.6, the authentication system is malformed and an attacker is able to forge requests and execute admin commands. The problem is fixed in 1.7.6.6.
CVSS Score
8.9
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Prestashop | Prestashop | >= 1.5.0.0, < 1.7.6.6 |
Related Weaknesses (CWE)
References
- https://github.com/PrestaShop/PrestaShop/commit/30b6a7bdaca9cb940d3ce462906dbb06PatchThird Party Advisory
- https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-ccvh-jh5x-mpg4Third Party Advisory
- https://github.com/PrestaShop/PrestaShop/commit/30b6a7bdaca9cb940d3ce462906dbb06PatchThird Party Advisory
- https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-ccvh-jh5x-mpg4Third Party Advisory
FAQ
What is CVE-2020-4074?
CVE-2020-4074 is a vulnerability with a CVSS score of 8.9 (HIGH). In PrestaShop from version 1.5.0.0 and before version 1.7.6.6, the authentication system is malformed and an attacker is able to forge requests and execute admin commands. The problem is fixed in 1.7....
How severe is CVE-2020-4074?
CVE-2020-4074 has been rated HIGH with a CVSS base score of 8.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-4074?
Check the references section above for vendor advisories and patch information. Affected products include: Prestashop Prestashop.