Description

In PrestaShop from version 1.7.4.0 and before version 1.7.6.6, some files should not be in the release archive, and others should not be accessible. The problem is fixed in version 1.7.6.6 A possible workaround is to make sure `composer.json` and `docker-compose.yml` are not accessible on your server.

Remediation

References

CVE-2020-15080

Related Vulnerabilities

Serendipity Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-9681)

WordPress Plugin Livemesh Addons for Elementor Security Bypass (2.5.2)

Envoy Proxy Uncontrolled Recursion Vulnerability (CVE-2022-23606)

WordPress Plugin WP CSV Unspecified Vulnerability (1.7.8.0)

Drupal Core 9.0.0 Security Bypass (9.0.0)

Severity

Medium

Classification

CVE-2020-15080 CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities