Description

PrestaShop from version 1.7.5.0 and before version 1.7.6.8 is vulnerable to a blind SQL Injection attack in the Catalog Product edition page with location parameter. The problem is fixed in 1.7.6.8

Remediation

References

CVE-2020-15160

Related Vulnerabilities

WordPress Plugin Wufoo Shortcode Cross-Site Scripting (1.47)

Drupal Core 8.8.x Remote Code Execution (8.8.0 - 8.8.7)

WordPress 4.4.x Multiple Vulnerabilities (4.4 - 4.4.16)

Internet Information Services Other Vulnerability (CVE-2004-0205)

WordPress Plugin Gallery PhotoBlocks Cross-Site Scripting (1.1.40)

Severity

Critical

Classification

CVE-2020-15160 CWE-138 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities