Matkspublished

Name of the Vulnerable Software and Affected Versions: PrestaShop versions prior to 1.7.2 PrestaShop versions prior to 1.7.7.2 are not needed as 1.7.7.2 is the fixed version, so we only need versions prior to 1.7.2. Description: PrestaShop is a fully scalable open source e-commerce solution. The soft logout system in PrestaShop is not complete, allowing an attacker to execute foreign requests and customer commands. Recommendations: For PrestaShop versions prior to 1.7.2, update to version 1.7.7.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the soft logout system until a patch is available.

**Name of the Vulnerable Software and Affected Versions** PrestaShop versions 1.5.0.0 through 1.7.6.5 **Description** The issue is related to improper access control in the Carrier page, Module Manager, and Module Positions. **Recommendations** For PrestaShop versions 1.5.0.0 through 1.7.6.5, update to version 1.7.6.6 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** PrestaShop versions 1.7.4.0 through 1.7.6.5 **Description** The issue arises from some files being incorrectly included in the release archive or being accessible when they should not be. A possible workaround is to restrict access to certain files, specifically making sure `composer.json` and `docker-compose.yml` are not accessible on the server. **Recommendations** For PrestaShop versions 1.7.4.0 through 1.7.6.5, update to version 1.7.6.6 to resolve the issue. As a temporary workaround, consider restricting access to `composer.json` and `docker-compose.yml` files on the server until the update to version 1.7.6.6 can be applied.

**Name of the Vulnerable Software and Affected Versions** PrestaShop versions 1.5.3.0 through 1.7.6.6 PrestaShop versions 1.5.3.0 through 1.7.7.6 **Description** The issue is related to a stored XSS when using the name of a quick access item. **Recommendations** For PrestaShop versions 1.5.3.0 through 1.7.6.6, update to version 1.7.6.6 to resolve the issue. For PrestaShop versions 1.5.3.0 through 1.7.7.6, update to version 1.7.7.6 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** PrestaShop versions 1.6.0.1 through 1.7.6.5 **Description** The issue allows rewriting all configuration variables through the dashboard. The problem is fixed in version 1.7.6.6. **Recommendations** For PrestaShop versions 1.6.0.1 through 1.7.6.5, update to version 1.7.6.6 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** PrestaShop versions 1.7.0.0 through 1.7.6.5 **Description** The issue allows for a reflected XSS attack when a corrupted file is sent to the target. This can lead to malicious script execution. The problem is fixed in version 1.7.6.6. **Recommendations** For PrestaShop versions 1.7.0.0 through 1.7.6.5, update to version 1.7.6.6 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** PrestaShop versions 1.5.0.0 through 1.7.6.5 **Description** The issue concerns information exposure in the upload directory. A possible workaround is to add an empty index.php file in the upload directory. The problem is fixed in version 1.7.6.6. **Recommendations** For PrestaShop versions 1.5.0.0 through 1.7.6.5, update to version 1.7.6.6 to resolve the issue. As a temporary workaround, consider adding an empty index.php file in the upload directory until the update to version 1.7.6.6 is applied.