Unrated severityNVD Advisory· Published Feb 26, 2021· Updated Aug 3, 2024

Improper session management for soft logout

CVE-2021-21308

Description

PrestaShop is a fully scalable open source e-commerce solution. In PrestaShop before version 1.7.2 the soft logout system is not complete and an attacker is able to foreign request and executes customer commands. The problem is fixed in 1.7.7.2

Affected products

Prestashop/Prestashopv5
Range: >= 1.5.0, < 1.7.7.2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/PrestaShop/PrestaShop/commit/2f673bd93e313f08c35e74decc105f40dc0b7deemitrex_refsource_MISC
github.com/PrestaShop/PrestaShop/releases/tag/1.7.7.2mitrex_refsource_MISC
github.com/PrestaShop/PrestaShop/security/advisories/GHSA-557h-hf3c-whcgmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000