CVE-2020-16194
First published: Thu Feb 04 2021(Updated: )
An Insecure Direct Object Reference (IDOR) vulnerability was found in Prestashop Opart devis < 4.0.2. Unauthenticated attackers can have access to any user's invoice and delivery address by exploiting an IDOR on the delivery_address and invoice_address fields.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Store-opart Quote | <4.0.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2020-16194?
The severity of CVE-2020-16194 is medium (5.3).
How does the CVE-2020-16194 vulnerability affect Prestashop Opart devis?
The CVE-2020-16194 vulnerability in Prestashop Opart devis < 4.0.2 allows unauthenticated attackers to access any user's invoice and delivery address.
How can an attacker exploit CVE-2020-16194?
Using an Insecure Direct Object Reference (IDOR) vulnerability, an attacker can exploit CVE-2020-16194 to gain access to user's invoice and delivery address by manipulating the delivery_address and invoice_address fields.
What is an Insecure Direct Object Reference (IDOR) vulnerability?
An Insecure Direct Object Reference (IDOR) vulnerability is a type of security flaw where an application exposes a reference to an internal implementation object, such as a database record or file, without proper authorization checks.
Is there a fix available for CVE-2020-16194?
Yes, updating Prestashop Opart devis to version 4.0.2 or later fixes the CVE-2020-16194 vulnerability.
- collector/nvd-index
- agent/author
- agent/severity
- agent/references
- agent/weakness
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/store-opart
- canonical/store-opart quote