CVE-2020-15081

EPSS 9.69%
Veröffentlicht 02.07.2020 17:15:12
Zuletzt bearbeitet 21.11.2024 05:04:46
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Information exposure in the upload directory in PrestaShop

In PrestaShop from version 1.5.0.0 and before 1.7.6.6, there is information exposure in the upload directory. The problem is fixed in version 1.7.6.6. A possible workaround is to add an empty index.php file in the upload directory.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 2 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Prestashop ≫ Prestashop Version > 1.5.0.0 < 1.7.6.6

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	9.69%	0.929

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N
security-advisories@github.com	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CWE-548 Exposure of Information Through Directory Listing

A directory listing is inappropriately exposed, yielding potentially sensitive information to attackers.

https://github.com/PrestaShop/PrestaShop/commit/bac9ea6936b073f84b1abd9864317af3713f1901

Patch

Third Party Advisory

https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-997j-f42g-x57c

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-15081

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-15081

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-15081

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2020-15081