Description
In PrestaShop from version 1.5.0.0 and before version 1.7.6.6, the authentication system is malformed and an attacker is able to forge requests and execute admin commands. The problem is fixed in 1.7.6.6.
Remediation
References
Related Vulnerabilities
WordPress Plugin Post Recommendations for WordPress 'api.php' Remote File Include (1.1.2)
WordPress Plugin NextGEN Gallery-WordPress Gallery SQL Injection (2.1.77)
MediaWiki Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2010-1648)
Internet Information Services Improper Authentication Vulnerability (CVE-2009-1122)