CVE-2020-5293 Information
Feb 14, 2021
cve
Description
In PrestaShop between versions 1.7.0.0 and 1.7.6.5 there are improper access controls on product page with combinations attachments and specific prices. The problem is fixed in 1.7.6.5.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Reference
https://github.com/PrestaShop/PrestaShop/commit/f9f442c87755908e23a6bcba8c443cdea1d78a7f https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-cvjj-grfv-f56w
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
LOW
Availability Impact
LOW
Base Score
NONE
Base Severity
6.5
Share on: