Description

In PrestaShop between versions 1.7.0.0 and 1.7.6.5, there are improper access controls on product page with combinations, attachments and specific prices. The problem is fixed in 1.7.6.5.

Remediation

References

CVE-2020-5293

Related Vulnerabilities

Python Integer Overflow or Wraparound Vulnerability (CVE-2008-2315)

Lodash CVE-2018-16487 Vulnerability (CVE-2018-16487)

WordPress Plugin Blog2Social:Social Media Auto Post & Scheduler PHP Object Injection (5.0.0)

CakePHP Deserialization of Untrusted Data Vulnerability (CVE-2019-11458)

WordPress Plugin Shoppable Images Multiple Vulnerabilities (1.0.0)

Severity

Medium

Classification

CVE-2020-5293 CWE-863 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities