Opart Devis up to 4.0.1 on PrestaShop delivery_address/invoice_address resource injection

entryeditHistoryDiffjsonxmlCTI

A vulnerability was found in Opart Devis up to 4.0.1 on PrestaShop. It has been rated as critical. This issue affects some unknown functionality. Upgrading to version 4.0.2 eliminates this vulnerability.

Field	02/04/2021 06:55 PM	02/23/2021 03:08 PM
name	Opart Devis	Opart Devis
version	<=4.0.1	<=4.0.1
platform	PrestaShop	PrestaShop
argument	delivery_address/invoice_address	delivery_address/invoice_address
cwe	99 (privilege escalation)	99 (privilege escalation)
risk	2	2
cvss3_vuldb_pr	N	N
cvss3_vuldb_ui	N	N
cvss3_vuldb_c	L	L
cvss3_vuldb_i	L	L
cvss3_vuldb_a	L	L
cvss3_vuldb_e	P	P
cvss3_vuldb_rl	O	O
url	https://github.com/login-securite/CVE/blob/main/CVE-2020-16194.md	https://github.com/login-securite/CVE/blob/main/CVE-2020-16194.md
availability	1	1
publicity	1	1
url	https://github.com/login-securite/CVE/blob/main/CVE-2020-16194.md	https://github.com/login-securite/CVE/blob/main/CVE-2020-16194.md
name	Upgrade	Upgrade
upgrade_version	4.0.2	4.0.2
cve	CVE-2020-16194	CVE-2020-16194
date	1612393200 (02/04/2021)	1612393200 (02/04/2021)
cvss2_vuldb_au	N	N
cvss2_vuldb_ci	P	P
cvss2_vuldb_ii	P	P
cvss2_vuldb_ai	P	P
cvss2_vuldb_e	POC	POC
cvss2_vuldb_rl	OF	OF
cvss2_vuldb_av	A	A
cvss2_vuldb_ac	M	M
cvss2_vuldb_rc	ND	ND
cvss3_vuldb_av	A	A
cvss3_vuldb_ac	L	L
cvss3_vuldb_s	U	U
cvss3_vuldb_rc	X	X
cvss2_vuldb_basescore	5.4	5.4
cvss2_vuldb_tempscore	4.2	4.2
cvss3_vuldb_basescore	6.3	6.3
cvss3_vuldb_tempscore	5.7	5.7
cvss3_meta_basescore	6.3	6.3
cvss3_meta_tempscore	5.7	5.7
price_0day	$0-$5k	$0-$5k
cve_assigned		1596146400
cve_nvd_summary		An Insecure Direct Object Reference (IDOR) vulnerability was found in Prestashop Opart devis < 4.0.2. Unauthenticated attackers can have access to any user's invoice and delivery address by exploiting an IDOR on the delivery_address and invoice_address fields.

◂ Previous Overview Next ▸

Do you know our Splunk app?

Download it now for free!