Description

In PrestaShop from version 1.7.4.0 and before version 1.7.6.6, some files should not be in the release archive, and others should not be accessible. The problem is fixed in version 1.7.6.6 A possible workaround is to make sure `composer.json` and `docker-compose.yml` are not accessible on your server.

Remediation

References

CVE-2020-15080

Related Vulnerabilities

WordPress Plugin WP Photo Album Plus Unspecified Vulnerability (7.2.04)

Apache HTTP Server Resource Management Errors Vulnerability (CVE-2014-0231)

WordPress Plugin WP Mobile Menu-The Mobile-Friendly Responsive Menu Cross-Site Scripting (2.8.2.2)

PostgreSQL CVE-2024-10976 Vulnerability (CVE-2024-10976)

phpMyFAQ Improper Neutralization of Special Elements used in a Command ('Command Injection') Vulnerability (CVE-2023-0789)

Severity

Medium

Classification

CVE-2020-15080 CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities