PT-2020-17863 · Prestashop · Prestashop

Komradz86 · Published 2020-07-02 · Updated 2023-01-27 · CVE-2020-4074

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

PrestaShop versions 1.5.0.0 through 1.7.6.6

Description

The authentication system in PrestaShop is malformed, allowing an attacker to forge requests and execute admin commands.

Recommendations

For PrestaShop versions 1.5.0.0 through 1.7.6.6, update to version 1.7.6.6 or later to resolve the issue. As a temporary workaround, consider restricting access to admin commands until a patch is available.

Fix

Improper Authentication

Weakness Enumeration

Related Identifiers

CVE-2020-4074
GHSA-CCVH-JH5X-MPG4

Affected Products

Prestashop