Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

PrestaShop Incorrect Authorization Vulnerability (CVE-2020-5288)

Description

"In PrestaShop between versions 1.7.0.0 and 1.7.6.5, there is improper access controls on product attributes page. The problem is fixed in 1.7.6.5.

Remediation

References

Related Vulnerabilities

WordPress Plugin post highlights 'ph_settings.php' SQL Injection (2.2)

WordPress Plugin BP Group Documents Multiple Vulnerabilities (1.2.1)

WordPress Plugin Quiz Maker SQL Injection (6.5.8.3)

Oracle HTTP Server Improper Input Validation Vulnerability (CVE-2020-29507)

WordPress Plugin WPFront Notification Bar Cross-Site Scripting (2.0.0.07176)

Severity

Medium

Classification

CVE-2020-5288 CWE-863 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities