CVE-2008-5791 - Insufficient Information vulnerability in Prestashop

Publication

2008-12-31

Last modification

2017-08-08

Summary

Multiple unspecified vulnerabilities in PrestaShop e-Commerce Solution before 1.1 Beta 2 (aka 1.1.0.1) have unknown impact and attack vectors, related to the (1) bankwire module, (2) cheque module, and other components.

Description

PrestaShop is prone to multiple unspecified security vulnerabilities.Very few details are available. We will update this BID as more information emerges. Theses issues affect versions prior to PrestaShop 1.1 beta 2.

Solution

The vendor has released updates. Please see the references for more information. PrestaShop PrestaShop 1.0 PrestaShop prestashop_1.1.0.1.zip http://www.prestashop.com/download/prestashop_1.1.0.1.zip

Exploit

Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: info@vumetric.com.

Risk level (CVSS AV:N/AC:L/Au:N/C:C/I:C/A:C)

High

10.0

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confident. Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

Affected Products

Vendor Product Versions
Prestashop Prestashop  0.8.2 , 0.8.3 , 0.9.5 , 1.0.0.1 , 0.9 , 0.8.5.1 , 1.0.0.4 , 1.0.0.3 , 0.9.7 , 0.8.1 , 0.9.1 , 0.9.2 , 1.0.0.2 , 1.0.0.5 , 0.8.5 , 0.8.4 , 0.9.6 , 1.0