PrestaShop CVE-2020-21967 vulnerability

Core

Score

4.8 Medium

Date published

13-07-2022

Affected versions

  • Versions from 1.7.6.7 up to and including 1.7.6.7

Description

File upload vulnerability in the Catalog feature in PrestaShop 1.7.6.7 allows remote attackers to run arbitrary code via the add new file page.

References

http://packetstormsecurity.com/files/167...
Exploit, Third Party Advisory, VDB Entry (mitre.org)
https://github.com/PrestaShop/PrestaShop...
Exploit, Issue Tracking, Third Party Advisory (mitre.org)

Metrics

cvssMetricV31

  • source: nvd@nist.gov
  • type: Primary
  • version: 3.1
  • vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
  • baseScore: 4.8
  • baseSeverity: MEDIUM
  • attackVector: NETWORK
  • attackComplexity: LOW
  • privilegesRequired: HIGH
  • userInteraction: REQUIRED
  • scope: CHANGED
  • confidentialityImpact: LOW
  • integrityImpact: LOW
  • availabilityImpact: NONE
  • exploitabilityScore: 1.7
  • impactScore: 2.7

cvssMetricV2

  • source: nvd@nist.gov
  • type: Primary
  • version: 2.0
  • vectorString: AV:N/AC:M/Au:S/C:N/I:P/A:N
  • baseScore: 3.5
  • accessVector: NETWORK
  • accessComplexity: MEDIUM
  • authentication: SINGLE
  • confidentialityImpact: NONE
  • integrityImpact: PARTIAL
  • availabilityImpact: NONE
  • baseSeverity: LOW
  • exploitabilityScore: 6.8
  • impactScore: 2.9
  • acInsufInfo: False
  • obtainAllPrivilege: False
  • obtainUserPrivilege: False
  • obtainOtherPrivilege: False
  • userInteractionRequired: True