CVE-2020-12120

EUVD-2020-4435
The Correos Express addon for PrestaShop 1.6 through 1.7 allows remote attackers to obtain sensitive information, such as a service's owner password that can be used to modify orders via SOAP. Attackers can also retrieve information about orders or buyers.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 67%
Affected Products (NVD)
VendorProductVersion
prestashopcorreos_express
1.6 ≤
𝑥
≤ 1.7
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://addons.prestashop.com/en/delivery-date/27273-correos-express-solutions-of-urgent-transport.html
https://ia-informatica.com/it/CVE-2020-12120
https://addons.prestashop.com/en/delivery-date/27273-correos-express-solutions-of-urgent-transport.html
https://ia-informatica.com/it/CVE-2020-12120