CVE-2020-15160

Name: CVE-2020-15160
Creator: NVD / NIST
Published: 2020-09-24T23:15:13.633+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

CRITICALCVSS 9.8/10EPSS 10.81%

Last modified Jun 17, 2026

CVE-2020-15160 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. PrestaShop from version 1.7.5.0 and before version 1.7.6.8 is vulnerable to a blind SQL Injection attack in the Catalog Product edition page with location parameter. The problem is fixed in 1.7.6.8. EPSS estimates a 10.81% chance of exploitation in the next 30 days.

Description

PrestaShop from version 1.7.5.0 and before version 1.7.6.8 is vulnerable to a blind SQL Injection attack in the Catalog Product edition page with location parameter. The problem is fixed in 1.7.6.8

Metrics

CVSS 3.1

9.8/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

10.81%

95.3th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Prestashop	Prestashop	>= 1.7.5.0, < 1.7.6.8

References

http://packetstormsecurity.com/files/162140/PrestaShop-1.7.6.7-SQL-Injection.htmlThird Party Advisory, VDB Entry
https://github.com/PrestaShop/PrestaShop/commit/3fa0dfa5a8f4b149c7c90b948a12b4f5999a5ef8Patch, Third Party Advisory
https://github.com/PrestaShop/PrestaShop/releases/tag/1.7.6.8Third Party Advisory
https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-fghq-8h87-826gThird Party Advisory
http://packetstormsecurity.com/files/162140/PrestaShop-1.7.6.7-SQL-Injection.htmlThird Party Advisory, VDB Entry
https://github.com/PrestaShop/PrestaShop/commit/3fa0dfa5a8f4b149c7c90b948a12b4f5999a5ef8Patch, Third Party Advisory
https://github.com/PrestaShop/PrestaShop/releases/tag/1.7.6.8Third Party Advisory
https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-fghq-8h87-826gThird Party Advisory

Timeline

Published: Sep 24, 2020
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2020-15160?

PrestaShop from version 1.7.5.0 and before version 1.7.6.8 is vulnerable to a blind SQL Injection attack in the Catalog Product edition page with location parameter. The problem is fixed in 1.7.6.8

How severe is CVE-2020-15160?

CVE-2020-15160 has a CVSS score of 9.8/10 (CRITICAL severity). The EPSS model estimates a 10.81% probability of exploitation in the next 30 days.

How do I fix CVE-2020-15160?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2020-15160?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST