In PrestaShop between versions 1.5.0.0 and 1.7.6.5, there are improper access control since the the version 1.5.0.0 for legacy controllers. - admin-dev/index.php/configure/shop/customer-preferences/ - admin-dev/index.php/improve/international/translations/ - admin-dev/index.php/improve/international/geolocation/ - admin-dev/index.php/improve/international/localization - admin-dev/index.php/configure/advanced/performance - admin-dev/index.php/sell/orders/delivery-slips/ - admin-dev/index.php?controller=AdminStatuses The problem is fixed in 1.7.6.5
References
Link | Resource |
---|---|
https://github.com/PrestaShop/PrestaShop/commit/4444fb85761667a2206874a3112ccc77f657d76a | Patch Third Party Advisory |
https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-74vp-ww64-w2gm | Patch Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2020-04-20T16:50:18
Updated: 2020-04-20T16:50:18
Reserved: 2020-01-02T00:00:00
Link: CVE-2020-5279
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-04-20T17:15:15.960
Modified: 2020-04-29T14:21:11.510
Link: CVE-2020-5279
JSON object: View
Redhat Information
No data.