CVE-2021-21308: Improper session management for soft logout
First published: Fri Feb 26 2021(Updated: )
PrestaShop is a fully scalable open source e-commerce solution. In PrestaShop before version 1.7.2 the soft logout system is not complete and an attacker is able to foreign request and executes customer commands. The problem is fixed in 1.7.7.2
Credit: security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Prestashop Prestashop | >1.5.0.0<1.7.7.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-21308?
CVE-2021-21308 is a vulnerability in PrestaShop e-commerce solution that allows an attacker to execute arbitrary commands by exploiting the incomplete soft logout system.
How severe is CVE-2021-21308?
CVE-2021-21308 has a severity rating of 9.1, which is considered critical.
Which version of PrestaShop is affected?
PrestaShop versions before 1.7.2 are affected by CVE-2021-21308.
How can I fix CVE-2021-21308?
To fix CVE-2021-21308, you should update PrestaShop to version 1.7.7.2 or later.
Where can I find more information about CVE-2021-21308?
You can find more information about CVE-2021-21308 in the following references: [link1](https://github.com/PrestaShop/PrestaShop/commit/2f673bd93e313f08c35e74decc105f40dc0b7dee), [link2](https://github.com/PrestaShop/PrestaShop/releases/tag/1.7.7.2), [link3](https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-557h-hf3c-whcg).
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/author
- agent/remedy
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/references
- agent/first-publish-date
- agent/event
- agent/tags
- agent/description
- vendor/prestashop
- canonical/prestashop prestashop