CVE-2020-15079 Information
Feb 14, 2021
cve
Description
In PrestaShop from version 1.5.0.0 and before version 1.7.6.6 there is improper access control in Carrier page Module Manager and Module Positions. The problem is fixed in version 1.7.6.6
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Reference
https://github.com/PrestaShop/PrestaShop/commit/8833d9504cc5d69a2a6d10197f56f0c11443cbfa https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-xp3x-3h8q-c386
Attack Complexity
LOW
Privileges Required
LOW
User Interaction Required
LOW
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
LOW
Availability Impact
LOW
Base Score
NONE
Base Severity
5.4
Share on: