In PrestaShop from version 1.7.4.0 and before version 1.7.6.6, some files should not be in the release archive, and others should not be accessible. The problem is fixed in version 1.7.6.6 A possible workaround is to make sure `composer.json` and `docker-compose.yml` are not accessible on your server.
References
Link | Resource |
---|---|
https://github.com/PrestaShop/PrestaShop/commit/35ef7e9d892287c302df1fc5aa05ecfc6f15bc76 | Patch Third Party Advisory |
https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-492w-2pp5-xhvg | Third Party Advisory |
Configurations
Information
Published : 2020-07-02 10:15
Updated : 2021-11-18 10:05
NVD link : CVE-2020-15080
Mitre link : CVE-2020-15080
JSON object : View
CWE
CWE-862
Missing Authorization
Products Affected
prestashop
- prestashop