exploitDog

CVE-2020-15082

Опубликовано: 02 июл. 2020

Источник: nvd

CVSS3: 7.1

CVSS3: 8.8

CVSS2: 7.5

EPSS Низкий

Описание

In PrestaShop from version 1.6.0.1 and before version 1.7.6.6, the dashboard allows rewriting all configuration variables. The problem is fixed in 1.7.6.6

Ссылки

https://github.com/PrestaShop/PrestaShop/commit/0f0d6238169a79d94f5ef28d24e60a9be8902f4b
Patch
Third Party Advisory
https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-mc98-xjm3-c4fm
Third Party Advisory
https://github.com/PrestaShop/PrestaShop/commit/0f0d6238169a79d94f5ef28d24e60a9be8902f4b
Patch
Third Party Advisory
https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-mc98-xjm3-c4fm
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:prestashop:prestashop:*:*:*:*:*:*:*:*

Версия от 1.6.0.1 (включая) до 1.7.6.6 (исключая)

EPSS

Процентиль: 62%

0.00422

Низкий

7.1 High

CVSS3

8.8 High

CVSS3

7.5 High

CVSS2

Дефекты

NVD-CWE-Other

EPSS

Процентиль: 62%

0.00422

Низкий

7.1 High

CVSS3

8.8 High

CVSS3

7.5 High

CVSS2

Дефекты

NVD-CWE-Other