Description
In PrestaShop from version 1.5.0.0 and before version 1.7.6.6, the authentication system is malformed and an attacker is able to forge requests and execute admin commands. The problem is fixed in 1.7.6.6.
Remediation
References
Related Vulnerabilities
WordPress Plugin All-in-One WP Migration Multiple Cross-Site Request Forgery Vulnerabilities (7.1)
WordPress Plugin Awesome Support-WordPress HelpDesk & Support Multiple Vulnerabilities (4.3.1)
SugarCRM Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-17306)
WordPress Plugin eHive Object Details Cross-Site Scripting (2.1.6)