CVE-2020-5250 – Possible information disclosure in PrestaShop
https://notcve.org/view.php?id=CVE-2020-5250
In PrestaShop before version 1.7.6.4, when a customer edits their address, they can freely change the id_address in the form, and thus steal someone else's address. It is the same with CustomerForm, you are able to change the id_customer and change all information of all accounts. The problem is patched in version 1.7.6.4. En PrestaShop versiones anteriores a 1.7.6.4, cuando un cliente edita su dirección, ellos pueden cambiar libremente el id_address en el formulario y, por lo tanto, robar la dirección de otra persona. Es lo mismo con CustomerForm, pueden ser capaces de cambiar el id_customer y cambiar toda la información de todas las cuentas. • https://github.com/PrestaShop/PrestaShop/commit/a4a609b5064661f0b47ab5bc538e1a9cd3dd1069 https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-mhfc-6rhg-fxp3 • CWE-285: Improper Authorization CWE-552: Files or Directories Accessible to External Parties •
CVE-2019-13461
https://notcve.org/view.php?id=CVE-2019-13461
In PrestaShop before 1.7.6.0 RC2, the id_address_delivery and id_address_invoice parameters are affected by an Insecure Direct Object Reference vulnerability due to a guessable value sent to the web application during checkout. An attacker could leak personal customer information. This is PrestaShop bug #14444. En PrestaShop versiones anteriores a 1.7.6.0 RC2, los parámetros id_address_delivery y id_address_invoice se ven afectados por una vulnerabilidad de Referencia de Objeto Directa no Segura debido a un valor que puede enviarse a la aplicación web durante el proceso de pago. Un atacante podría filtrar información personal del cliente. • https://assets.prestashop2.com/en/system/files/ps_releases/changelog_1.7.6.0-rc2.txt https://blog.hacktivesecurity.com/index.php?controller=post&action=view&id_post=40 • CWE-639: Authorization Bypass Through User-Controlled Key •
CVE-2018-20717
https://notcve.org/view.php?id=CVE-2018-20717
In the orders section of PrestaShop before 1.7.2.5, an attack is possible after gaining access to a target store with a user role with the rights of at least a Salesman or higher privileges. The attacker can then inject arbitrary PHP objects into the process and abuse an object chain in order to gain Remote Code Execution. This occurs because protection against serialized objects looks for a 0: followed by an integer, but does not consider 0:+ followed by an integer. En la sección de pedidos de PrestaShop, en versiones anteriores a la 1.7.2.5, es posible un ataque tras obtener acceso a una tienda objetivo con un rol de usuario con derechos de, al menos, "Salesman" o superiores. El atacante puede inyectar objetos PHP arbitrarios en el proceso y abusar de una cadena de objetos para poder ejecutar código de forma remota. • https://blog.ripstech.com/2018/prestashop-remote-code-execution https://build.prestashop.com/news/prestashop-1-7-2-5-maintenance-release • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2018-19355
https://notcve.org/view.php?id=CVE-2018-19355
modules/orderfiles/ajax/upload.php in the Customer Files Upload addon 2018-08-01 for PrestaShop (1.5 through 1.7) allows remote attackers to execute arbitrary code by uploading a php file via modules/orderfiles/upload.php with auptype equal to product (for upload destinations under modules/productfiles), order (for upload destinations under modules/files), or cart (for upload destinations under modules/cartfiles). modules/orderfiles/ajax/upload.php en el addon Customer Files Upload 2018-08-01 para PrestaShop (de la versión 1.5 hasta la 1.7) permite que atacantes remotos ejecuten código arbitrario mediante la subida de un archivo php mediante modules/orderfiles/upload.php con auptype igual a product (para los destinos de subida en modules/productfiles), order (para los destinos de subida en modules/files) o cart (para los destinos de subida en modules/cartfiles). • https://ia-informatica.com/it/CVE-2018-19355 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2018-19125 – PrestaShop 1.6.x/1.7.x - Remote Code Execution
https://notcve.org/view.php?id=CVE-2018-19125
PrestaShop 1.6.x before 1.6.1.23 and 1.7.x before 1.7.4.4 allows remote attackers to delete an image directory. PrestaShop en versiones 1.6.x anteriores a la 1.6.1.23 y 1.7.x anteriores a la 1.7.4.4 permite que los atacantes remotos eliminen un directorio de imágenes. PrestaShop versions 1.6.x and 1.7.x suffer from a remote code execution vulnerability. • https://www.exploit-db.com/exploits/45964 http://build.prestashop.com/news/prestashop-1-7-4-4-1-6-1-23-maintenance-releases https://github.com/PrestaShop/PrestaShop/pull/11285 https://github.com/PrestaShop/PrestaShop/pull/11286 •