IA Informática Valencia

CVE-2020-12120 Insecure Permissions in Correos Express - Solutions of urgent transport Module for PrestaShop

CVE Ref:  CVE-2020-12120
Release Date: 2020/04/17
Discovery Credit: Andrea Iodice
Bulletin Author:  IA - Informática Avanzada
Contact: andrea@ia-informatica.com
Type:  Insecure Permissions
Vulnerable Application:  PrestaShop (1.6 - 1.7)

Overview:
Correos Express - Solutions of urgent transport Module,
a PrestaShop module, allows a remote actor to obtain sensitive information.

Scope:
File: modules/correosexpress/controllers/admin/index.php
Vulnerable Argument(s): $_POST['token'] and $_POST['action']

Proof of Concept:
Send a POST request carrying the token and action parameters directly to http://hostname/modules/correosexpress/controllers/admin/index.php. The controller is reached by direct URL, not through the PrestaShop back-office dispatcher, so no back-office session is needed.

Description:
modules/correosexpress/controllers/admin/index.php in the Correos Express - Solutions of urgent transport Module for PrestaShop allows remote attackers to obtain sensitive information, such as a service's owner password that can be used to modify orders via SOAP. Attackers can also retrieve information about orders or buyers.

Solutions:
Remove the service token from the HTML source.
Because the controller answers direct POST requests, removing the token from the storefront markup only hides the credential. The controller should additionally refuse any action unless the caller holds an authenticated back-office employee session, and it should never return the SOAP owner password to a client. Verify the fix by repeating the PoC POST without a back-office session and confirming that no order, buyer or credential data comes back.
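The access-control shape the advisory describes, as an added illustration rather than code from the Correos Express module or from PrestaShop: a module script that any remote client can POST to, gated only by a static token the storefront also prints in its HTML, beside a hardened handler that requires an authenticated back-office employee and a per-session token. The function names, the action names (getOrder, getConfig), the sample order and the SOAP credentials are all hypothetical; the _PS_VERSION_ guard and ModuleAdminController named in the comments are PrestaShop's own conventions.

```php
<?php
// Added example, not code from the Correos Express module or from PrestaShop.
// It models the access-control shape described in the advisory (a module script
// reachable by a direct POST that checks a 'token' and dispatches on 'action')
// beside a hardened version. All names, actions and sample data are hypothetical.

// Constructed sample data standing in for what the real endpoint can reach.
const SAMPLE_ORDERS = [
    1001 => ['customer' => 'Jane Doe', 'address' => '1 Example St', 'total' => 42.50],
];
const SAMPLE_SERVICE_CONFIG = [
    'soap_user'     => 'shop-owner',
    'soap_password' => 'hypothetical-secret',
];

// ---- Vulnerable shape -----------------------------------------------------
// A single static token is the only check. Because the storefront prints the
// same token in its HTML so the front-end can call this script, every visitor
// holds the credential and can invoke any action as if they were the merchant.
const STATIC_SERVICE_TOKEN = 'hypothetical-static-token';

function vulnerableHandle(array $post): array
{
    if (($post['token'] ?? '') !== STATIC_SERVICE_TOKEN) {
        return ['status' => 403, 'body' => null];
    }
    switch ($post['action'] ?? '') {
        case 'getOrder':
            return ['status' => 200, 'body' => SAMPLE_ORDERS[(int) ($post['id_order'] ?? 0)] ?? null];
        case 'getConfig':
            // Hands the SOAP owner credentials to whoever knows the public token.
            return ['status' => 200, 'body' => SAMPLE_SERVICE_CONFIG];
        default:
            return ['status' => 400, 'body' => null];
    }
}

// ---- Hardened shape -------------------------------------------------------
// 1. Require an authenticated back-office employee; anonymous callers are
//    refused before any other parameter is examined.
// 2. Use a per-session token issued to that employee at login and never written
//    into storefront HTML; compare it in constant time.
// 3. Allow-list the actions and never return service credentials to a client.
function hardenedHandle(array $post, array $session): array
{
    if (empty($session['id_employee']) || empty($session['admin_token'])) {
        return ['status' => 403, 'body' => null];
    }
    if (!hash_equals($session['admin_token'], (string) ($post['token'] ?? ''))) {
        return ['status' => 403, 'body' => null];
    }
    $allowed = ['getOrder' => true];   // getConfig is deliberately absent
    $action = $post['action'] ?? '';
    if (!isset($allowed[$action])) {
        return ['status' => 400, 'body' => null];
    }
    return ['status' => 200, 'body' => SAMPLE_ORDERS[(int) ($post['id_order'] ?? 0)] ?? null];
}

// In a real PrestaShop module the same goals are met by starting every PHP file
// with  if (!defined('_PS_VERSION_')) { exit; }  so it cannot execute outside
// the PrestaShop bootstrap, and by implementing admin actions in a
// ModuleAdminController reached through the back-office dispatcher, which
// validates the employee token itself.

// Demo: an anonymous caller who scraped the static token from the storefront.
$anonymousPost = ['token' => STATIC_SERVICE_TOKEN, 'action' => 'getConfig'];
print_r(vulnerableHandle($anonymousPost));        // status 200, leaks soap_password
print_r(hardenedHandle($anonymousPost, []));      // status 403

// Demo: a logged-in employee using the token issued to their own session.
$session = ['id_employee' => 7, 'admin_token' => bin2hex(random_bytes(16))];
$employeePost = ['token' => $session['admin_token'], 'action' => 'getOrder', 'id_order' => 1001];
print_r(hardenedHandle($employeePost, $session)); // status 200, order 1001 only
```

Run it with php from the command line; the first call shows the leak the advisory describes, the second and third show that the hardened handler only serves order data to a session-bound employee and exposes no credential action at all.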
