CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2020-15079 – Improper access control in PrestaShop
https://notcve.org/view.php?id=CVE-2020-15079
In PrestaShop from version 1.5.0.0 and before version 1.7.6.6, there is improper access control in Carrier page, Module Manager and Module Positions. The problem is fixed in version 1.7.6.6 En PrestaShop desde versión 1.5.0.0 y anteriores a versión 1.7.6.6, se presenta un control de acceso inapropiado en la página Carrier, Module Manager y Module Positions. El problema es corregido en versión 1.7.6.6 • https://github.com/PrestaShop/PrestaShop/commit/8833d9504cc5d69a2a6d10197f56f0c11443cbfa https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-xp3x-3h8q-c386 • CWE-284: Improper Access Control •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-15081 – Information exposure in the upload directory in PrestaShop
https://notcve.org/view.php?id=CVE-2020-15081
In PrestaShop from version 1.5.0.0 and before 1.7.6.6, there is information exposure in the upload directory. The problem is fixed in version 1.7.6.6. A possible workaround is to add an empty index.php file in the upload directory. En PrestaShop desde versión 1.5.0.0 y anteriores a 1.7.6.6, se presenta una exposición de información en el directorio de carga. El problema es corregido en versión 1.7.6.6. • https://github.com/PrestaShop/PrestaShop/commit/bac9ea6936b073f84b1abd9864317af3713f1901 https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-997j-f42g-x57c • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-548: Exposure of Information Through Directory Listing •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-5287 – Improper access control on customers search in PrestaShop
https://notcve.org/view.php?id=CVE-2020-5287
In PrestaShop between versions 1.5.5.0 and 1.7.6.5, there is improper access control on customers search. The problem is fixed in 1.7.6.5. En PrestaShop entre las versiones 1.5.5.0 y 1.7.6.5, hay un control de acceso inapropiado en la búsqueda de clientes. El problema se corrigió en la versión 1.7.6.5. • https://github.com/PrestaShop/PrestaShop/commit/27e49d89808f1d76eb909a595f344a6739bc0b52 https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-r6rp-6gv6-r9hq • CWE-284: Improper Access Control CWE-863: Incorrect Authorization •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-5288 – Improper access control on product attributes page in PrestaShop
https://notcve.org/view.php?id=CVE-2020-5288
"In PrestaShop between versions 1.7.0.0 and 1.7.6.5, there is improper access controls on product attributes page. The problem is fixed in 1.7.6.5. En PrestaShop entre las versiones 1.7.0.0 y 1.7.6.5, tiene un control de acceso inapropiado en la página de atributos del producto. El problema se corrigió en la versión 1.7.6.5 • https://github.com/PrestaShop/PrestaShop/commit/fc1d796dda769efdbc4d9e02ea7a11e4167338d0 https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-4wxg-33h3-3w5r • CWE-284: Improper Access Control CWE-863: Incorrect Authorization •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-5293 – Improper access control on product page with combinations, attachments and specific prices in PrestaShop
https://notcve.org/view.php?id=CVE-2020-5293
In PrestaShop between versions 1.7.0.0 and 1.7.6.5, there are improper access controls on product page with combinations, attachments and specific prices. The problem is fixed in 1.7.6.5. En PrestaShop entre las versiones 1.7.0.0 y 1.7.6.5, hay un control de acceso inapropiado en la página del producto con combinaciones, archivos adjuntos y precios específicos. El problema se corrigió en la versión 1.7.6.5. • https://github.com/PrestaShop/PrestaShop/commit/f9f442c87755908e23a6bcba8c443cdea1d78a7f https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-cvjj-grfv-f56w • CWE-284: Improper Access Control CWE-863: Incorrect Authorization •