PrestaShop CVE-2018-20717 vulnerability

Core

Score

8.8 High

Date publish

15-01-2019

Versiones afectadas

Less than 1.7.2.5

Description

In the orders section of PrestaShop before 1.7.2.5, an attack is possible after gaining access to a target store with a user role with the rights of at least a Salesman or higher privileges. The attacker can then inject arbitrary PHP objects into the process and abuse an object chain in order to gain Remote Code Execution. This occurs because protection against serialized objects looks for a 0: followed by an integer, but does not consider 0:+ followed by an integer.

References

https://blog.ripstech.com/2018/prestasho...

Exploit Third Party Advisory mitre.org

https://build.prestashop.com/news/presta...

Release Notes Third Party Advisory mitre.org

https://blog.ripstech.com/2018/prestasho...

Exploit Third Party Advisory

https://build.prestashop.com/news/presta...

Release Notes Third Party Advisory

Metrics

cvssMetricV30
source	nvd@nist.gov
type	Primary
version	3.0
vectorString	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
baseScore	8.8
baseSeverity	HIGH
attackVector	NETWORK
attackComplexity	LOW
privilegesRequired	LOW
userInteraction	NONE
scope	UNCHANGED
confidentialityImpact	HIGH
integrityImpact	HIGH
availabilityImpact	HIGH
exploitabilityScore	2.8
impactScore	5.9
cvssMetricV2
source	nvd@nist.gov
type	Primary
version	2.0
vectorString	AV:N/AC:L/Au:S/C:P/I:P/A:P
baseScore	6.5
accessVector	NETWORK
accessComplexity	LOW
authentication	SINGLE
confidentialityImpact	PARTIAL
integrityImpact	PARTIAL
availabilityImpact	PARTIAL
baseSeverity	MEDIUM
exploitabilityScore	8
impactScore	6.4
acInsufInfo	False
obtainAllPrivilege	False
obtainUserPrivilege	False
obtainOtherPrivilege	False
userInteractionRequired	False