CVE-2020-12120

The Correos Express addon for PrestaShop 1.6 through 1.7 allows remote attackers to obtain sensitive information, such as a service's owner password that can be used to modify orders via SOAP. Attackers can also retrieve information about orders or buyers.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 38%
VendorProductVersion
prestashopcorreos_express
1.6 ≤
𝑥
≤ 1.7
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://addons.prestashop.com/en/delivery-date/27273-correos-express-solutions-of-urgent-transport.html
https://ia-informatica.com/it/CVE-2020-12120
https://addons.prestashop.com/en/delivery-date/27273-correos-express-solutions-of-urgent-transport.html
https://ia-informatica.com/it/CVE-2020-12120