Home > Vulnerability Database > CVE-2020-15079

Mend.io Vulnerability Database

CVE-2020-15079

Date: July 2, 2020

In PrestaShop from version 1.5.0.0 and before version 1.7.6.6, there is improper access control in Carrier page, Module Manager and Module Positions. The problem is fixed in version 1.7.6.6

Language: PHP

Severity Score

6.4

Related Resources (4)

Url: https://github.com/PrestaShop/PrestaShop/commit/8833d9504cc5d69a2a6d10197f56f0c11443cbfa

Url: https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-xp3x-3h8q-c386

Url: https://nvd.nist.gov/vuln/detail/CVE-2020-15079

Url: https://www.mend.io/vulnerability-database/CVE-2020-15079

Severity Score

6.4

Weakness Type (CWE)

Improper Authentication

CWE-287

Improper Access Control

CWE-284

Insufficient Information

NVD-CWE-noinfo

CVSS v3.1

Base Score:	6.4
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	5.5
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	SINGLE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2020-15079

Date: July 2, 2020

Language: PHP

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?