Vulnerability Description
In PrestaShop between versions 1.7.0.0 and 1.7.6.5, there are improper access controls on product page with combinations, attachments and specific prices. The problem is fixed in 1.7.6.5.
CVSS Score
6.5
MEDIUM
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Prestashop | Prestashop | < 1.7.6.5 |
Related Weaknesses (CWE)
References
- https://github.com/PrestaShop/PrestaShop/commit/f9f442c87755908e23a6bcba8c443cdePatchThird Party Advisory
- https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-cvjj-grfv-f56wPatchThird Party Advisory
- https://github.com/PrestaShop/PrestaShop/commit/f9f442c87755908e23a6bcba8c443cdePatchThird Party Advisory
- https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-cvjj-grfv-f56wPatchThird Party Advisory
FAQ
What is CVE-2020-5293?
CVE-2020-5293 is a vulnerability with a CVSS score of 6.5 (MEDIUM). In PrestaShop between versions 1.7.0.0 and 1.7.6.5, there are improper access controls on product page with combinations, attachments and specific prices. The problem is fixed in 1.7.6.5.
How severe is CVE-2020-5293?
CVE-2020-5293 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-5293?
Check the references section above for vendor advisories and patch information. Affected products include: Prestashop Prestashop.