CVE-2020-5279 MEDIUM

CVE-2020-5279: Improper Access Control for certain legacy controller in PrestaShop

Vendor Prestashop

Product PrestaShop

Weakness CWE-284

Published April 20, 2020

Last update August 4, 2024

View on NVD All CVEs

CVSS base score

4.1/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction Required

Confidentiality Low

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N

What the vulnerability does

01Description

In PrestaShop between versions 1.5.0.0 and 1.7.6.5, there are improper access control since the the version 1.5.0.0 for legacy controllers. - admin-dev/index.php/configure/shop/customer-preferences/ - admin-dev/index.php/improve/international/translations/ - admin-dev/index.php/improve/international/geolocation/ - admin-dev/index.php/improve/international/localization - admin-dev/index.php/configure/advanced/performance - admin-dev/index.php/sell/orders/delivery-slips/ - admin-dev/index.php?controller=AdminStatuses The problem is fixed in 1.7.6.5

Key dates

02Disclosure timeline

April 20, 2020 CVE published

August 4, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2020-5279 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/284.html

Related vulnerabilities

CVE-2020-5279: Improper Access Control for certain legacy controller in PrestaShop

01Description

02Disclosure timeline

03References

04Related CVE