PrestaShop CVE-2020-4074 vulnerability
Core
Score
10 CriticalDate publish
02-07-2020Versiones afectadas
- Versions from 1.5.0.0 up to but not including 1.7.6.6
Description
In PrestaShop from version 1.5.0.0 and before version 1.7.6.6, the authentication system is malformed and an attacker is able to forge requests and execute admin commands. The problem is fixed in 1.7.6.6.References
Metrics
| cvssMetricV31 | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| source | security-advisories@github.com | nvd@nist.gov | |||||||||
| type | Secondary | Primary | |||||||||
| version | 3.1 | 3.1 | |||||||||
| vectorString | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | |||||||||
| baseScore | 8.9 | 9.8 | |||||||||
| baseSeverity | HIGH | CRITICAL | |||||||||
| attackVector | NETWORK | NETWORK | |||||||||
| attackComplexity | HIGH | LOW | |||||||||
| privilegesRequired | NONE | NONE | |||||||||
| userInteraction | NONE | NONE | |||||||||
| scope | CHANGED | UNCHANGED | |||||||||
| confidentialityImpact | HIGH | HIGH | |||||||||
| integrityImpact | HIGH | HIGH | |||||||||
| availabilityImpact | LOW | HIGH | |||||||||
| exploitabilityScore | 2.2 | 3.9 | |||||||||
| impactScore | 6 | 5.9 | |||||||||
| cvssMetricV2 | |||||||||||
| source | nvd@nist.gov | ||||||||||
| type | Primary | ||||||||||
| version | 2.0 | ||||||||||
| vectorString | AV:N/AC:L/Au:N/C:C/I:C/A:C | ||||||||||
| baseScore | 10 | ||||||||||
| accessVector | NETWORK | ||||||||||
| accessComplexity | LOW | ||||||||||
| authentication | NONE | ||||||||||
| confidentialityImpact | COMPLETE | ||||||||||
| integrityImpact | COMPLETE | ||||||||||
| availabilityImpact | COMPLETE | ||||||||||
| baseSeverity | HIGH | ||||||||||
| exploitabilityScore | 10 | ||||||||||
| impactScore | 10 | ||||||||||
| acInsufInfo | False | ||||||||||
| obtainAllPrivilege | False | ||||||||||
| obtainUserPrivilege | False | ||||||||||
| obtainOtherPrivilege | False | ||||||||||
| userInteractionRequired | False | ||||||||||