CVE-2020-15081

MEDIUM NUCLEI

PrestaShop <1.7.6.6 - Info Disclosure

Title source: llm

Description

In PrestaShop from version 1.5.0.0 and before 1.7.6.6, there is information exposure in the upload directory. The problem is fixed in version 1.7.6.6. A possible workaround is to add an empty index.php file in the upload directory.

Nuclei Templates (1)

PrestaShop < 1.7.6.6 - Information Exposure via Upload Directory

LOWVERIFIEDby 0x_Akoko

Shodan: http.component:"PrestaShop"

FOFA: app="PrestaShop"

References (2)

[Patch, Third Party Advisory] https://github.com/PrestaShop/PrestaShop/commit/bac9ea6936b073f84b1abd9864317af3713f1901

View Patch ZIP pw:eip

[Third Party Advisory] https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-997j-f42g-x57c

Scores

CVSS v3 5.3

EPSS 0.0947

EPSS Percentile 92.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Classification

CWE

CWE-548 CWE-200

Status published

Affected Products (1)

prestashop/prestashop < 1.7.6.6

Timeline

Published Jul 02, 2020

Tracked Since Feb 18, 2026