PT-2021-14407 · Unknown · Prestashop

Matkspublished

Published

2021-02-26

Updated

2021-03-05

CVE-2021-21308

CVSS v3.1

9.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions: PrestaShop versions prior to 1.7.2 PrestaShop versions prior to 1.7.7.2 are not needed as 1.7.7.2 is the fixed version, so we only need versions prior to 1.7.2.

Description: PrestaShop is a fully scalable open source e-commerce solution. The soft logout system in PrestaShop is not complete, allowing an attacker to execute foreign requests and customer commands.

Recommendations: For PrestaShop versions prior to 1.7.2, update to version 1.7.7.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the soft logout system until a patch is available.

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2021-21308

GHSA-557H-HF3C-WHCG

Affected Products

Prestashop

PT-2021-14407 · Unknown · Prestashop

CVE-2021-21308

Weakness Enumeration

Related Identifiers

Affected Products

References · 7