Description
In PrestaShop from version 1.5.0.0 and before version 1.7.6.6, there is improper access control in Carrier page, Module Manager and Module Positions. The problem is fixed in version 1.7.6.6
Remediation
References
Related Vulnerabilities
WordPress Plugin Events Made Easy Arbitrary File Upload (2.1.1)
WordPress Plugin WooCommerce Cross-Site Scripting (3.5.0)
Oracle HTTP Server Other Vulnerability (CVE-2007-0282)
WordPress Plugin WordPress Related Posts Cross-Site Scripting (3.6.4)
WordPress Plugin Dialog Contact Form Cross-Site Scripting (1.2.0)