Description

In PrestaShop from version 1.5.0.0 and before version 1.7.6.6, there is improper access control in Carrier page, Module Manager and Module Positions. The problem is fixed in version 1.7.6.6

Remediation

References

CVE-2020-15079

Related Vulnerabilities

WordPress Plugin MF Gig Calendar 'page_id' Parameter Cross-Site Scripting (0.9.4.1)

Dolibarr Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-1912)

Oracle JRE CVE-2014-2409 Vulnerability (CVE-2014-2409)

MySQL CVE-2021-2012 Vulnerability (CVE-2021-2012)

PHP CVE-2004-0542 Vulnerability (CVE-2004-0542)

Severity

Medium

Classification

CVE-2020-15079 CWE-287 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities