Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for dashboard_products by prestashop

    CVE-2020-15102 (GCVE-0-2020-15102)

    Vulnerability from nvd – Published: 2020-07-21 17:50 – Updated: 2024-08-04 13:08
    VLAI
    Title
    Improper access control on dashboard form in PrestaShop
    Summary
    In PrestaShop Dashboard Productions before version 2.1.0, there is improper authorization which enables an attacker to change the configuration. The problem is fixed in 2.1.0.
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    References
    Impacted products
    Vendor Product Version
    PrestaShop dashproducts Affected: < 2.1.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T13:08:21.786Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/PrestaShop/dashproducts/security/advisories/GHSA-6292-4qpg-hvfg"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/PrestaShop/dashproducts/commit/f0799c13628a9b9ca6ca75c085b083d924a8ea7e"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "dashproducts",
              "vendor": "PrestaShop",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.1.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In PrestaShop Dashboard Productions before version 2.1.0, there is improper authorization which enables an attacker to change the configuration. The problem is fixed in 2.1.0."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284: Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-07-21T17:50:12.000Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/PrestaShop/dashproducts/security/advisories/GHSA-6292-4qpg-hvfg"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/PrestaShop/dashproducts/commit/f0799c13628a9b9ca6ca75c085b083d924a8ea7e"
            }
          ],
          "source": {
            "advisory": "GHSA-6292-4qpg-hvfg",
            "discovery": "UNKNOWN"
          },
          "title": "Improper access control on dashboard form in PrestaShop",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security-advisories@github.com",
              "ID": "CVE-2020-15102",
              "STATE": "PUBLIC",
              "TITLE": "Improper access control on dashboard form in PrestaShop"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "dashproducts",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c 2.1.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "PrestaShop"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In PrestaShop Dashboard Productions before version 2.1.0, there is improper authorization which enables an attacker to change the configuration. The problem is fixed in 2.1.0."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-284: Improper Access Control"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/PrestaShop/dashproducts/security/advisories/GHSA-6292-4qpg-hvfg",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/PrestaShop/dashproducts/security/advisories/GHSA-6292-4qpg-hvfg"
                },
                {
                  "name": "https://github.com/PrestaShop/dashproducts/commit/f0799c13628a9b9ca6ca75c085b083d924a8ea7e",
                  "refsource": "MISC",
                  "url": "https://github.com/PrestaShop/dashproducts/commit/f0799c13628a9b9ca6ca75c085b083d924a8ea7e"
                }
              ]
            },
            "source": {
              "advisory": "GHSA-6292-4qpg-hvfg",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2020-15102",
        "datePublished": "2020-07-21T17:50:12.000Z",
        "dateReserved": "2020-06-25T00:00:00.000Z",
        "dateUpdated": "2024-08-04T13:08:21.786Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-15102 (GCVE-0-2020-15102)

    Vulnerability from cvelistv5 – Published: 2020-07-21 17:50 – Updated: 2024-08-04 13:08
    VLAI
    Title
    Improper access control on dashboard form in PrestaShop
    Summary
    In PrestaShop Dashboard Productions before version 2.1.0, there is improper authorization which enables an attacker to change the configuration. The problem is fixed in 2.1.0.
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    References
    Impacted products
    Vendor Product Version
    PrestaShop dashproducts Affected: < 2.1.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T13:08:21.786Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/PrestaShop/dashproducts/security/advisories/GHSA-6292-4qpg-hvfg"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/PrestaShop/dashproducts/commit/f0799c13628a9b9ca6ca75c085b083d924a8ea7e"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "dashproducts",
              "vendor": "PrestaShop",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.1.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In PrestaShop Dashboard Productions before version 2.1.0, there is improper authorization which enables an attacker to change the configuration. The problem is fixed in 2.1.0."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284: Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-07-21T17:50:12.000Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/PrestaShop/dashproducts/security/advisories/GHSA-6292-4qpg-hvfg"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/PrestaShop/dashproducts/commit/f0799c13628a9b9ca6ca75c085b083d924a8ea7e"
            }
          ],
          "source": {
            "advisory": "GHSA-6292-4qpg-hvfg",
            "discovery": "UNKNOWN"
          },
          "title": "Improper access control on dashboard form in PrestaShop",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security-advisories@github.com",
              "ID": "CVE-2020-15102",
              "STATE": "PUBLIC",
              "TITLE": "Improper access control on dashboard form in PrestaShop"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "dashproducts",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c 2.1.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "PrestaShop"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In PrestaShop Dashboard Productions before version 2.1.0, there is improper authorization which enables an attacker to change the configuration. The problem is fixed in 2.1.0."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-284: Improper Access Control"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/PrestaShop/dashproducts/security/advisories/GHSA-6292-4qpg-hvfg",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/PrestaShop/dashproducts/security/advisories/GHSA-6292-4qpg-hvfg"
                },
                {
                  "name": "https://github.com/PrestaShop/dashproducts/commit/f0799c13628a9b9ca6ca75c085b083d924a8ea7e",
                  "refsource": "MISC",
                  "url": "https://github.com/PrestaShop/dashproducts/commit/f0799c13628a9b9ca6ca75c085b083d924a8ea7e"
                }
              ]
            },
            "source": {
              "advisory": "GHSA-6292-4qpg-hvfg",
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2020-15102",
        "datePublished": "2020-07-21T17:50:12.000Z",
        "dateReserved": "2020-06-25T00:00:00.000Z",
        "dateUpdated": "2024-08-04T13:08:21.786Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }