PrestaShop CVE-2020-5293 vulnerability
Core
Score
6.5 MediumDate publish
20-04-2020Versiones afectadas
- Less than 1.7.6.5
Description
In PrestaShop between versions 1.7.0.0 and 1.7.6.5, there are improper access controls on product page with combinations, attachments and specific prices. The problem is fixed in 1.7.6.5.References
Metrics
| cvssMetricV31 | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| source | security-advisories@github.com | nvd@nist.gov | |||||||||
| type | Secondary | Primary | |||||||||
| version | 3.1 | 3.1 | |||||||||
| vectorString | CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N | |||||||||
| baseScore | 6.5 | 6.5 | |||||||||
| baseSeverity | MEDIUM | MEDIUM | |||||||||
| attackVector | NETWORK | NETWORK | |||||||||
| attackComplexity | HIGH | LOW | |||||||||
| privilegesRequired | LOW | NONE | |||||||||
| userInteraction | REQUIRED | NONE | |||||||||
| scope | CHANGED | UNCHANGED | |||||||||
| confidentialityImpact | HIGH | LOW | |||||||||
| integrityImpact | LOW | LOW | |||||||||
| availabilityImpact | NONE | NONE | |||||||||
| exploitabilityScore | 1.3 | 3.9 | |||||||||
| impactScore | 4.7 | 2.5 | |||||||||
| cvssMetricV2 | |||||||||||
| source | nvd@nist.gov | ||||||||||
| type | Primary | ||||||||||
| version | 2.0 | ||||||||||
| vectorString | AV:N/AC:L/Au:N/C:P/I:P/A:N | ||||||||||
| baseScore | 6.4 | ||||||||||
| accessVector | NETWORK | ||||||||||
| accessComplexity | LOW | ||||||||||
| authentication | NONE | ||||||||||
| confidentialityImpact | PARTIAL | ||||||||||
| integrityImpact | PARTIAL | ||||||||||
| availabilityImpact | NONE | ||||||||||
| baseSeverity | MEDIUM | ||||||||||
| exploitabilityScore | 10 | ||||||||||
| impactScore | 4.9 | ||||||||||
| acInsufInfo | False | ||||||||||
| obtainAllPrivilege | False | ||||||||||
| obtainUserPrivilege | False | ||||||||||
| obtainOtherPrivilege | False | ||||||||||
| userInteractionRequired | False | ||||||||||