← back
CVE-2020-15079

Improper access control in PrestaShop

CVSS 6.4 MEDIUMEPSS 0.6%CWE-284
In PrestaShop from version 1.5.0.0 and before version 1.7.6.6, there is improper access control in Carrier page, Module Manager and Module Positions. The problem is fixed in version 1.7.6.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Affected products
PrestaShop · PrestaShop

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/PrestaShop/PrestaShop/commit/8833d9504cc5d69a2a6d10197f56f0c11443cbfahttps://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-xp3x-3h8q-c386