Vulnerability Details : CVE-2021-21308
PrestaShop is a fully scalable open source e-commerce solution. In PrestaShop before version 1.7.2 the soft logout system is not complete and an attacker is able to foreign request and executes customer commands. The problem is fixed in 1.7.7.2
Vulnerability category: BypassGain privilege
Products affected by CVE-2021-21308
- cpe:2.3:a:prestashop:prestashop:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-21308
0.14%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 49 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-21308
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.4
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:P/A:N |
10.0
|
4.9
|
NIST | |
9.1
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
3.9
|
5.2
|
NIST | |
6.1
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
2.8
|
2.7
|
GitHub, Inc. |
CWE ids for CVE-2021-21308
-
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.Assigned by: security-advisories@github.com (Primary)
References for CVE-2021-21308
-
https://github.com/PrestaShop/PrestaShop/releases/tag/1.7.7.2
Release PrestaShop 1.7.7.2 · PrestaShop/PrestaShop · GitHubRelease Notes;Third Party Advisory
-
https://github.com/PrestaShop/PrestaShop/commit/2f673bd93e313f08c35e74decc105f40dc0b7dee
Merge pull request from GHSA-557h-hf3c-whcg · PrestaShop/PrestaShop@2f673bd · GitHubPatch;Third Party Advisory
-
https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-557h-hf3c-whcg
Improper session management for soft logout · Advisory · PrestaShop/PrestaShop · GitHubThird Party Advisory
Jump to