VYPR
Unrated severityNVD Advisory· Published Jul 2, 2020· Updated Aug 4, 2024

Information disclosure in release archive in PrestaShop

CVE-2020-15080

Description

In PrestaShop from version 1.7.4.0 and before version 1.7.6.6, some files should not be in the release archive, and others should not be accessible. The problem is fixed in version 1.7.6.6 A possible workaround is to make sure composer.json and docker-compose.yml are not accessible on your server.

Affected products

2
  • Prestashop/Prestashopllm-fuzzy2 versions
    >=1.7.4.0, <=1.7.6.6+ 1 more
    • (no CPE)range: >=1.7.4.0, <=1.7.6.6
    • (no CPE)range: >= 1.7.4.0, <1.7.6.6

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.