CVE-2020-4074

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2020-4074

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-4074.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-4074

Related

GHSA-ccvh-jh5x-mpg4

Published

2020-07-02T17:15:12.763Z

Modified

2026-03-13T22:01:24.618442Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

In PrestaShop from version 1.5.0.0 and before version 1.7.6.6, the authentication system is malformed and an attacker is able to forge requests and execute admin commands. The problem is fixed in 1.7.6.6.

References

Affected packages

Git / github.com/prestashop/prestashop

Affected ranges

Type

GIT

Repo

https://github.com/prestashop/prestashop

Events

Introduced

442a0d6100d8a4177ada6086e98d2b35accbfbf3

Fixed

b2956eec991d4bdc0651862557afc472c04ae8cc

Fixed

30b6a7bdaca9cb940d3ce462906dbb062499fc30

Database specific

{
    "versions": [
        {
            "introduced": "1.5.0.0"
        },
        {
            "fixed": "1.7.6.6"
        }
    ]
}

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-4074.json"