cvelist GitHub_M CVELIST:CVE-2020-15082
History Jul 02, 2020 - 4:50 p.m.

CVE-2020-15082 External control of configuration setting in the dashboard in PrestaShop

2020-07-02 16:50:17
GitHub_M
www.cve.org

CVSS3: 7.1 High

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: LOW

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L

AI Score: 8.6 High (Confidence: High)

EPSS: 0.001 Low (Percentile: 43.0%)

In PrestaShop from version 1.6.0.1 and before version 1.7.6.6, the dashboard allows rewriting all configuration variables. The problem is fixed in 1.7.6.6.

CNA Affected

[
  {
    "product": "PrestaShop",
    "vendor": "PrestaShop",
    "versions": [
      {
        "status": "affected",
        "version": ">= 1.6.0.1, < 1.7.6.6"
      }
    ]
  }
]
