PrestaShop CVE-2020-21967 vulnerability
Core
Score
4.8 MediumDate publish
13-07-2022Versiones afectadas
- Versions from 1.7.6.7 up to and including 1.7.6.7
Description
File upload vulnerability in the Catalog feature in Prestashop 1.7.6.7 allows remote attackers to run arbitrary code via the add new file page.References
Metrics
| cvssMetricV31 | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| source | nvd@nist.gov | ||||||||||
| type | Primary | ||||||||||
| version | 3.1 | ||||||||||
| vectorString | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | ||||||||||
| baseScore | 4.8 | ||||||||||
| baseSeverity | MEDIUM | ||||||||||
| attackVector | NETWORK | ||||||||||
| attackComplexity | LOW | ||||||||||
| privilegesRequired | HIGH | ||||||||||
| userInteraction | REQUIRED | ||||||||||
| scope | CHANGED | ||||||||||
| confidentialityImpact | LOW | ||||||||||
| integrityImpact | LOW | ||||||||||
| availabilityImpact | NONE | ||||||||||
| exploitabilityScore | 1.7 | ||||||||||
| impactScore | 2.7 | ||||||||||
| cvssMetricV2 | |||||||||||
| source | nvd@nist.gov | ||||||||||
| type | Primary | ||||||||||
| version | 2.0 | ||||||||||
| vectorString | AV:N/AC:M/Au:S/C:N/I:P/A:N | ||||||||||
| baseScore | 3.5 | ||||||||||
| accessVector | NETWORK | ||||||||||
| accessComplexity | MEDIUM | ||||||||||
| authentication | SINGLE | ||||||||||
| confidentialityImpact | NONE | ||||||||||
| integrityImpact | PARTIAL | ||||||||||
| availabilityImpact | NONE | ||||||||||
| baseSeverity | LOW | ||||||||||
| exploitabilityScore | 6.8 | ||||||||||
| impactScore | 2.9 | ||||||||||
| acInsufInfo | False | ||||||||||
| obtainAllPrivilege | False | ||||||||||
| obtainUserPrivilege | False | ||||||||||
| obtainOtherPrivilege | False | ||||||||||
| userInteractionRequired | True | ||||||||||
