CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-5279 – Improper Access Control for certain legacy controller in PrestaShop
https://notcve.org/view.php?id=CVE-2020-5279
In PrestaShop between versions 1.5.0.0 and 1.7.6.5, there are improper access control since the the version 1.5.0.0 for legacy controllers. - admin-dev/index.php/configure/shop/customer-preferences/ - admin-dev/index.php/improve/international/translations/ - admin-dev/index.php/improve/international/geolocation/ - admin-dev/index.php/improve/international/localization - admin-dev/index.php/configure/advanced/performance - admin-dev/index.php/sell/orders/delivery-slips/ - admin-dev/index.php?controller=AdminStatuses The problem is fixed in 1.7.6.5 En PrestaShop entre las versiones 1.5.0.0 y 1.7.6.5, hay un control de acceso inapropiado desde la versión 1.5.0.0 para controladores heredados. - admin-dev/index.php/configure/shop/customer-preferences/ - admin-dev/index.php/improve/international/translations/ - admin-dev/index.php/improve/international/geolocation/ - admin-dev/index.php/improve/international/localization - admin-dev/index.php/configure/advanced/performance - admin-dev/index.php/sell/orders/delivery-slips/ - admin-dev/index.php?controller=AdminStatuses. El problema es corregido en la versión 1.7.6.5 • https://github.com/PrestaShop/PrestaShop/commit/4444fb85761667a2206874a3112ccc77f657d76a https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-74vp-ww64-w2gm • CWE-284: Improper Access Control CWE-863: Incorrect Authorization •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 2CVE-2013-6295
https://notcve.org/view.php?id=CVE-2013-6295
PrestaShop 1.5.5 vulnerable to privilege escalation via a Salesman account via upload module PrestaShop versión 1.5.5, es vulnerable a una escalada de privilegios por medio de una cuenta Salesman mediante un módulo de carga. • http://davidsopaslabs.blogspot.com/2013 http://davidsopaslabs.blogspot.com/2013/10/how-salesman-could-hack-prestashop.html • CWE-269: Improper Privilege Management •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2013-6358
https://notcve.org/view.php?id=CVE-2013-6358
PrestaShop 1.5.5 allows remote authenticated attackers to execute arbitrary code by uploading a crafted profile and then accessing it in the module/ directory. PrestaShop versión 1.5.5, permite a atacantes autenticados remotos ejecutar código arbitrario mediante la carga de un perfil diseñado y luego accediendo a él en el directorio module/. • https://web.archive.org/web/20150423041900/http://labs.davidsopas.com/2013/10/how-salesman-could-hack-prestashop.html • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1CVE-2019-13461
https://notcve.org/view.php?id=CVE-2019-13461
In PrestaShop before 1.7.6.0 RC2, the id_address_delivery and id_address_invoice parameters are affected by an Insecure Direct Object Reference vulnerability due to a guessable value sent to the web application during checkout. An attacker could leak personal customer information. This is PrestaShop bug #14444. En PrestaShop versiones anteriores a 1.7.6.0 RC2, los parámetros id_address_delivery y id_address_invoice se ven afectados por una vulnerabilidad de Referencia de Objeto Directa no Segura debido a un valor que puede enviarse a la aplicación web durante el proceso de pago. Un atacante podría filtrar información personal del cliente. • https://assets.prestashop2.com/en/system/files/ps_releases/changelog_1.7.6.0-rc2.txt https://blog.hacktivesecurity.com/index.php?controller=post&action=view&id_post=40 • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-20717
https://notcve.org/view.php?id=CVE-2018-20717
In the orders section of PrestaShop before 1.7.2.5, an attack is possible after gaining access to a target store with a user role with the rights of at least a Salesman or higher privileges. The attacker can then inject arbitrary PHP objects into the process and abuse an object chain in order to gain Remote Code Execution. This occurs because protection against serialized objects looks for a 0: followed by an integer, but does not consider 0:+ followed by an integer. En la sección de pedidos de PrestaShop, en versiones anteriores a la 1.7.2.5, es posible un ataque tras obtener acceso a una tienda objetivo con un rol de usuario con derechos de, al menos, "Salesman" o superiores. El atacante puede inyectar objetos PHP arbitrarios en el proceso y abusar de una cadena de objetos para poder ejecutar código de forma remota. • https://blog.ripstech.com/2018/prestashop-remote-code-execution https://build.prestashop.com/news/prestashop-1-7-2-5-maintenance-release • CWE-94: Improper Control of Generation of Code ('Code Injection') •