CVE-2020-15081
Published 2020-07-02
Priority P3 · 35 · medium · 5.3 · CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EXPLOIT
EPSS: 1.65% (73.5th percentile)
In PrestaShop from version 1.5.0.0 and before 1.7.6.6, there is information exposure in the upload directory. The problem is fixed in version 1.7.6.6. A possible workaround is to add an empty index.php file in the upload directory.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| prestashop | prestashop | < 1.7.6.6 | 1.7.6.6 |
| prestashop | prestashop | — | — |
CVSS provenance
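| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |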
No advisories linked to this vulnerability.
No detection rules found.
Nuclei
PrestaShop < 1.7.6.6 - Information Exposure via Upload Directory
nuclei·CVSS 5.3
CVE-2020-15081 [MEDIUM] PrestaShop < 1.7.6.6 - Information Exposure via Upload Directory
PrestaShop Index of")'
condition: and
# digest: 4a0a0047304502202c92739000929a97302fbd943ec98020c6afcc5177006b43ba4ab29b7cdb6f3d022100c2600044c7eb0a5b7ca03c9043661355a2a74dd8a4bb7a9c308d788c5c41c8ab:922c64590222798bb761d5b6d8e72950
No writeups or analysis indexed.
https://github.com/PrestaShop/PrestaShop/commit/bac9ea6936b073f84b1abd9864317af3713f1901
https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-997j-f42g-x57c