CVE-2020-4074

Published at:
2020-07-02T17:15:12.763
Source: [email protected]

Global infos:

In PrestaShop from version 1.5.0.0 and before version 1.7.6.6, the authentication system is malformed and an attacker is able to forge requests and execute admin commands. The problem is fixed in 1.7.6.6.

CVE Status: Modified

References:

  • [email protected]
  • [email protected]
  • af854a3a-2127-422b-91ae-364da2661108
  • af854a3a-2127-422b-91ae-364da2661108
    •

    Metrics:

    AttributeValue
    Attack ComplexityHIGH
    Attack VectorNETWORK
    Availability ImpactLOW
    Base Score8.9
    Base SeverityHIGH
    Confidentiality ImpactHIGH
    Integrity ImpactHIGH
    Privileges RequiredNONE
    ScopeCHANGED
    User InteractionNONE
    Vector StringCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L
    Exploitability Score2.2
    Impact Score6
    Source[email protected]
    TypeSecondary

    Links:

    Exploit-db
    Github

    Most recherched CVEs
    Popular Keywords