Lucene search
K

PrestaShop < 1.7.6.6 - Information Exposure via Upload Directory

🗓️ 08 Jul 2026 05:22:06Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 23 Views

PrestaShop before 1.7.6.6 exposes the upload directory; upgrade or add index.php.

Related
Refs
Code
ReporterTitlePublishedViews
Family
ATTACKERKB
CVE-2020-15081
2 Jul 202017:15
attackerkb
Circl
CVE-2020-15081
20 Jan 202603:57
circl
CNVD
PrestaShop Information Disclosure Vulnerability (CNVD-2020-50515)
3 Jul 202000:00
cnvd
CVE
CVE-2020-15081
2 Jul 202016:45
cve
Cvelist
CVE-2020-15081 Information exposure in the upload directory in PrestaShop
2 Jul 202016:45
cvelist
EUVD
EUVD-2020-7209
7 Oct 202500:30
euvd
NVD
CVE-2020-15081
2 Jul 202017:15
nvd
OpenVAS
PrestaShop 1.5.0.0 < 1.7.6.6 Multiple Vulnerabilities
19 Aug 202000:00
openvas
Prion
Design/Logic Flaw
2 Jul 202017:15
prion
RedhatCVE
CVE-2020-15081
22 May 202516:22
redhatcve
Rows per page
id: CVE-2020-15081

info:
  name: PrestaShop < 1.7.6.6 - Information Exposure via Upload Directory
  author: 0x_Akoko
  severity: low
  description: |
    PrestaShop versions after 1.5.0.0 and before 1.7.6.6 are vulnerable to information exposure through directory listing in the upload directory due to a missing index.php file.
  impact: |
    Attackers can enumerate uploaded files potentially exposing sensitive customer data, invoices, or internal documents.
  remediation: |
    Upgrade to PrestaShop version 1.7.6.6 or later, or add an empty index.php file in the upload directory as a workaround.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2020-15081
    - https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-997j-f42g-x57c
    - https://github.com/PrestaShop/PrestaShop/commit/bac9ea6936b073f84b1abd9864317af3713f1901
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    cve-id: CVE-2020-15081
    cwe-id: CWE-548
    epss-score: 0.01648
    epss-percentile: 0.73653
  metadata:
    verified: true
    max-request: 1
    vendor: prestashop
    product: prestashop
    shodan-query: http.component:"PrestaShop"
    fofa-query: app="PrestaShop"
  tags: cve,cve2020,prestashop,exposure,directory-listing

http:
  - method: GET
    path:
      - "{{BaseURL}}/upload/"

    host-redirects: true
    max-redirects: 2

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains_any(body, "Index of", "Directory listing for", "[To Parent Directory]", "<title>Index of")'
        condition: and
# digest: 4a0a00473045022100c21161247a0e47dff4079749270b746f7c773390b0cce56b7189255ed44388bb02200bb12a93702f36e4bf6afba2ff38beb5c8ca33042641f87903679bbc302797a9:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
6.1Medium risk
Vulners AI Score6.1
CVSS 25
CVSS 3.15.3
EPSS0.01648
23