exploitDog

CVE-2020-12120

Опубликовано: 27 апр. 2020

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

The Correos Express addon for PrestaShop 1.6 through 1.7 allows remote attackers to obtain sensitive information, such as a service's owner password that can be used to modify orders via SOAP. Attackers can also retrieve information about orders or buyers.

Ссылки

https://addons.prestashop.com/en/delivery-date/27273-correos-express-solutions-of-urgent-transport.html
Vendor Advisory
https://ia-informatica.com/it/CVE-2020-12120
Exploit
Third Party Advisory
https://addons.prestashop.com/en/delivery-date/27273-correos-express-solutions-of-urgent-transport.html
Vendor Advisory
https://ia-informatica.com/it/CVE-2020-12120
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:prestashop:correos_express:*:*:*:*:*:prestashop:*:*

Версия от 1.6 (включая) до 1.7 (включая)

EPSS

Процентиль: 68%

0.00561

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-732

Связанные уязвимости

GHSA-768g-7rwq-8hw9

github

больше 3 лет назад

The Correos Express addon for PrestaShop 1.6 through 1.7 allows remote attackers to obtain sensitive information, such as a service's owner password that can be used to modify orders via SOAP. Attackers can also retrieve information about orders or buyers.

EPSS

Процентиль: 68%

0.00561

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-732