CVE-2020-15082

EUVD-2020-7210
In PrestaShop from version 1.6.0.1 and before version 1.7.6.6, the dashboard allows rewriting all configuration variables. The problem is fixed in 1.7.6.6
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.1 HIGH
NETWORK
HIGH
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L
GitHub_MCNA
7.1 HIGH
NETWORK
HIGH
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 61%
Affected Products (NVD)
VendorProductVersion
prestashopprestashop
1.6.0.1 ≤
𝑥
< 1.7.6.6
𝑥
= Vulnerable software versions
References
https://github.com/PrestaShop/PrestaShop/commit/0f0d6238169a79d94f5ef28d24e60a9be8902f4b
https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-mc98-xjm3-c4fm
https://github.com/PrestaShop/PrestaShop/commit/0f0d6238169a79d94f5ef28d24e60a9be8902f4b
https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-mc98-xjm3-c4fm