5
CVSSv2

CVE-2018-5682

Published: 13/01/2018 Updated: 31/01/2018
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

PrestaShop 1.7.2.4 allows user enumeration via the Reset Password feature, by noticing which reset attempts do not produce a "This account does not exist" error message.

Affected Products

Vendor Product Versions
PrestashopPrestashop1.7.2.4

Github Repositories

PrestaShop security vulnerability checker The library and the tool to check PrestaShop for vulnerabilities The tool home page and the support page: prestashopmodulezru The full description, how to use and the stable release for download are available there Report example PrestaShop security vulnerability checker (homepage: prestashopmodulezru/en/tools-scripts/70