CVE-2020-15102 MEDIUM

CVE-2020-15102: Improper access control on dashboard form in PrestaShop

Vendor Prestashop

Product dashproducts

Weakness CWE-284

Published July 21, 2020

Last update August 4, 2024

View on NVD All CVEs

CVSS base score

6.5/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality None

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

What the vulnerability does

01Description

In PrestaShop Dashboard Productions before version 2.1.0, there is improper authorization which enables an attacker to change the configuration. The problem is fixed in 2.1.0.

Key dates

02Disclosure timeline

July 21, 2020 CVE published

August 4, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2020-15102 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/284.html

Related vulnerabilities

CVE-2020-15102: Improper access control on dashboard form in PrestaShop

01Description

02Disclosure timeline

03References

04Related CVE