Opart Devis up to 4.0.1 on PrestaShop delivery_address/invoice_address resource injection


A vulnerability was found in Opart Devis up to 4.0.1 on PrestaShop. It has been rated as critical. This issue affects some unknown functionality. Upgrading to version 4.0.2 eliminates this vulnerability.

| Field | 02/04/2021 06:55 PM | 02/23/2021 03:08 PM |
|---|---|---|
| name | Opart Devis | Opart Devis |
| version | <=4.0.1 | <=4.0.1 |
| platform | PrestaShop | PrestaShop |
| argument | delivery_address/invoice_address | delivery_address/invoice_address |
| cwe | 99 (privilege escalation) | 99 (privilege escalation) |
| risk | 2 | 2 |
| cvss3_vuldb_pr | N | N |
| cvss3_vuldb_ui | N | N |
| cvss3_vuldb_c | L | L |
| cvss3_vuldb_i | L | L |
| cvss3_vuldb_a | L | L |
| cvss3_vuldb_e | P | P |
| cvss3_vuldb_rl | O | O |
| url | https://github.com/login-securite/CVE/blob/main/CVE-2020-16194.md | https://github.com/login-securite/CVE/blob/main/CVE-2020-16194.md |
| availability | 1 | 1 |
| publicity | 1 | 1 |
| url | https://github.com/login-securite/CVE/blob/main/CVE-2020-16194.md | https://github.com/login-securite/CVE/blob/main/CVE-2020-16194.md |
| name | Upgrade | Upgrade |
| upgrade_version | 4.0.2 | 4.0.2 |
| cve | CVE-2020-16194 | CVE-2020-16194 |
| date | 1612393200 (02/04/2021) | 1612393200 (02/04/2021) |
| cvss2_vuldb_au | N | N |
| cvss2_vuldb_ci | P | P |
| cvss2_vuldb_ii | P | P |
| cvss2_vuldb_ai | P | P |
| cvss2_vuldb_e | POC | POC |
| cvss2_vuldb_rl | OF | OF |
| cvss2_vuldb_av | A | A |
| cvss2_vuldb_ac | M | M |
| cvss2_vuldb_rc | ND | ND |
| cvss3_vuldb_av | A | A |
| cvss3_vuldb_ac | L | L |
| cvss3_vuldb_s | U | U |
| cvss3_vuldb_rc | X | X |
| cvss2_vuldb_basescore | 5.4 | 5.4 |
| cvss2_vuldb_tempscore | 4.2 | 4.2 |
| cvss3_vuldb_basescore | 6.3 | 6.3 |
| cvss3_vuldb_tempscore | 5.7 | 5.7 |
| cvss3_meta_basescore | 6.3 | 6.3 |
| cvss3_meta_tempscore | 5.7 | 5.7 |
| price_0day | $0-$5k | $0-$5k |

cve_assigned: 1596146400

cve_nvd_summary: An Insecure Direct Object Reference (IDOR) vulnerability was found in Prestashop Opart devis < 4.0.2. Unauthenticated attackers can have access to any user's invoice and delivery address by exploiting an IDOR on the delivery_address and invoice_address fields.
