VYPR
Unrated severityNVD Advisory· Published Mar 5, 2020· Updated Aug 4, 2024

Possible information disclosure in PrestaShop

CVE-2020-5250

Description

In PrestaShop before version 1.7.6.4, when a customer edits their address, they can freely change the id_address in the form, and thus steal someone else's address. It is the same with CustomerForm, you are able to change the id_customer and change all information of all accounts. The problem is patched in version 1.7.6.4.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Prestashop/Prestashopllm-fuzzy2 versions
    <1.7.6.4+ 1 more
    • (no CPE)range: <1.7.6.4
    • (no CPE)range: < 1.7.6.4

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.