3 matches found
CVE-2020-5250
In PrestaShop before version 1.7.6.4, when a customer edits their address, they can freely change the idaddress in the form, and thus steal someone else's address. It is the same with CustomerForm, you are able to change the idcustomer and change all information of all accounts. The problem is...
CVE-2020-5250 Possible information disclosure in PrestaShop
In PrestaShop before version 1.7.6.4, when a customer edits their address, they can freely change the idaddress in the form, and thus steal someone else's address. It is the same with CustomerForm, you are able to change the idcustomer and change all information of all accounts. The problem is...
CVE-2020-5250
Summary: CVE-2020-5250 affects PrestaShop versions prior to 1.7.6.4. An attacker can modify address-related fields in the customer form (id_address) and, similarly, id_customer in CustomerForm, enabling theft of someone else’s address/information. This is a server-side validation weakness that al...