Description

In PrestaShop between versions 1.7.0.0 and 1.7.6.5, there are improper access controls on product page with combinations, attachments and specific prices. The problem is fixed in 1.7.6.5.

Remediation

References

CVE-2020-5293

Related Vulnerabilities

MySQL Other Vulnerability (CVE-2007-5970)

Oracle Database Server CVE-2009-3411 Vulnerability (CVE-2009-3411)

WordPress Plugin Blogstand Banner Cross-Site Scripting (1.0)

Ruby on Rails Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-1099)

WordPress Plugin Comments-wpDiscuz Cross-Site Scripting (3.1.4)

Severity

Medium

Classification

CVE-2020-5293 CWE-863 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities