Description

In PrestaShop between versions 1.7.0.0 and 1.7.6.5, there are improper access controls on product page with combinations, attachments and specific prices. The problem is fixed in 1.7.6.5.

Remediation

References

CVE-2020-5293

Related Vulnerabilities

Oracle JRE CVE-2013-2462 Vulnerability (CVE-2013-2462)

WordPress Plugin Zingiri Web Shop 'wpabspath' Parameter Remote File Include (2.2.0)

Apache HTTP Server Improper Authentication Vulnerability (CVE-2018-1312)

WordPress Plugin WP Poll Maker-Best WordPress Poll for Voting Contest Arbitrary File Upload (3.4)

Moodle Improper Authentication Vulnerability (CVE-2022-0985)

Severity

Medium

Classification

CVE-2020-5293 CWE-863 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities