Lucene search

[email protected]CVE-2020-15081

HistoryJul 02, 2020 - 5:15 p.m.

CVE-2020-15081

2020-07-0217:15:00

CWE-200

[email protected]

web.nvd.nist.gov

prestashop

cve-2020-15081

information exposure

upload directory

security vulnerability

nvd

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

7 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

30.6%

JSON

In PrestaShop from version 1.5.0.0 and before 1.7.6.6, there is information exposure in the upload directory. The problem is fixed in version 1.7.6.6. A possible workaround is to add an empty index.php file in the upload directory.

VendorProductVersionCPE
prestashopprestashop*cpe:2.3:a:prestashop:prestashop:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
prestashop	prestashop	*	cpe:2.3:a:prestashop:prestashop::::::::

References

github.com/PrestaShop/PrestaShop/commit/bac9ea6936b073f84b1abd9864317af3713f1901

github.com/PrestaShop/PrestaShop/security/advisories/GHSA-997j-f42g-x57c

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

7 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

30.6%

JSON

Related for CVE-2020-15081

osv1 cvelist1 prion1 openvas1