CVE-2020-5250

Published: 05/03/2020 Updated: 05/03/2020
CVSS v2 Base Score: 4.9 | Impact Score: 4.9 | Exploitability Score: 6.8
CVSS v3 Base Score: 6.3 | Impact Score: 4.2 | Exploitability Score: 2.1
VMScore: 436
Vector: AV:N/AC:M/Au:S/C:P/I:P/A:N

Vulnerability Summary

In PrestaShop before version 1.7.6.4, a customer editing their address can freely change the id_address in the form and thus steal someone else's address. The same applies to CustomerForm: a customer can change the id_customer and thereby change all information of all accounts. The problem is patched in version 1.7.6.4.

Vulnerable Product

prestashop prestashop

Github Repositories

Labelgrup Fixer for CVE-2020-5250 vulnerability

LabelGrup Networks, official PrestaShop Partner. Module for PS 1.7.X to fix CVE-2020-5250 vulnerability (WIP).

Check:
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5250
github.com/PrestaShop/PrestaShop/security/advisories/GHSA-mhfc-6rhg-fxp3

Visit our website: www.labelgrup.com