PrestaShop CVE-2020-15082 vulnerability
Core
Score
8.8 High
Date published
02-07-2020
Affected versions
- Versions from 1.6.0.1 up to but not including 1.7.6.6
Description
In PrestaShop from version 1.6.0.1 and before version 1.7.6.6, the dashboard allows rewriting all configuration variables. The problem is fixed in 1.7.6.6.
References
Metrics
cvssMetricV31

| source | security-advisories@github.com | nvd@nist.gov |
|---|---|---|
| type | Secondary | Primary |
| version | 3.1 | 3.1 |
| vectorString | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| baseScore | 7.1 | 8.8 |
| baseSeverity | HIGH | HIGH |
| attackVector | NETWORK | NETWORK |
| attackComplexity | HIGH | LOW |
| privilegesRequired | LOW | LOW |
| userInteraction | NONE | NONE |
| scope | UNCHANGED | UNCHANGED |
| confidentialityImpact | HIGH | HIGH |
| integrityImpact | HIGH | HIGH |
| availabilityImpact | LOW | HIGH |
| exploitabilityScore | 1.6 | 2.8 |
| impactScore | 5.5 | 5.9 |

cvssMetricV2

| source | nvd@nist.gov |
|---|---|
| type | Primary |
| version | 2.0 |
| vectorString | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| baseScore | 7.5 |
| accessVector | NETWORK |
| accessComplexity | LOW |
| authentication | NONE |
| confidentialityImpact | PARTIAL |
| integrityImpact | PARTIAL |
| availabilityImpact | PARTIAL |
| baseSeverity | HIGH |
| exploitabilityScore | 10 |
| impactScore | 6.4 |
| acInsufInfo | False |
| obtainAllPrivilege | False |
| obtainUserPrivilege | False |
| obtainOtherPrivilege | False |
| userInteractionRequired | False |
