PrestaShop < 1.7.6.6 - Information Exposure via Upload Directory
CVE-2020-15081
Verified
Description
PrestaShop versions after 1.5.0.0 and before 1.7.6.6 are vulnerable to information exposure through directory listing in the upload directory due to a missing index.php file.
Severity
Low
CVSS Score
5.3
Exploit Probability
2%
Affected Product
prestashop
Published Date
January 20, 2026
Template Author
0x_akoko
CVE-2020-15081.yaml
id: CVE-2020-15081
info:
  name: PrestaShop < 1.7.6.6 - Information Exposure via Upload Directory
  author: 0x_Akoko
  severity: low
  description: |
    PrestaShop versions after 1.5.0.0 and before 1.7.6.6 are vulnerable to information exposure through directory listing in the upload directory due to a missing index.php file.
  impact: |
    Attackers can enumerate uploaded files potentially exposing sensitive customer data, invoices, or internal documents.
  remediation: |
    Upgrade to PrestaShop version 1.7.6.6 or later, or add an empty index.php file in the upload directory as a workaround.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2020-15081
    - https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-997j-f42g-x57c
    - https://github.com/PrestaShop/PrestaShop/commit/bac9ea6936b073f84b1abd9864317af3713f1901
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    cve-id: CVE-2020-15081
    cwe-id: CWE-548
    epss-score: 0.01648
    epss-percentile: 0.73491
  metadata:
    verified: true
    max-request: 1
    vendor: prestashop
    product: prestashop
    shodan-query: http.component:"PrestaShop"
    fofa-query: app="PrestaShop"
  tags: cve,cve2020,prestashop,exposure,directory-listing
http:
  - method: GET
    path:
      - "{{BaseURL}}/upload/"
    host-redirects: true
    max-redirects: 2
    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains_any(body, "Index of", "Directory listing for", "[To Parent Directory]", "<title>Index of")'
        condition: and
# digest: 4a0a00473045022100a8ae291b18dea098c3da5a7da4be224775cce80e597197f2df157df9de1645970220193b4441ae336b209b54a40aa0cd9298c84561ed44314aa72e4203108eca2376:922c64590222798bb761d5b6d8e72950
5.3 Score
CVSS Metrics
CVSS Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE ID:
cve-2020-15081
CWE ID:
cwe-548
Remediation Steps
Upgrade to PrestaShop version 1.7.6.6 or later, or add an empty index.php file in the upload directory as a workaround.
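An added example, not part of the template or of PrestaShop's code: a POSIX shell check a shop administrator can run on the server to confirm the condition described above (an upload directory with no index.php) and apply the stated workaround. The function names and the `--fix` argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit a PrestaShop document root for the missing
# upload/index.php and optionally apply the workaround (an empty index.php).
# Function names and the "--fix" argument are assumptions for this example.

# check_upload_index ROOT
# Returns 0 if ROOT/upload/index.php exists, 1 if it is missing,
# 2 if ROOT has no upload directory at all.
check_upload_index() {
    [ -d "$1/upload" ] || return 2
    [ -f "$1/upload/index.php" ] && return 0
    return 1
}

# fix_upload_index ROOT
# Creates an empty index.php only when it is missing; an existing file
# is never truncated or overwritten.
fix_upload_index() {
    fix_rc=0
    check_upload_index "$1" || fix_rc=$?
    case $fix_rc in
        0) return 0 ;;
        2) return 2 ;;
    esac
    : > "$1/upload/index.php"
}

# audit_shop ROOT [--fix]
# Prints one status line and returns the check result (0 after a fix).
audit_shop() {
    rc=0
    check_upload_index "$1" || rc=$?
    if [ "$rc" -eq 1 ] && [ "${2:-}" = "--fix" ]; then
        fix_upload_index "$1" && { echo "FIXED   $1/upload/index.php created"; return 0; }
    fi
    case $rc in
        0) echo "OK      $1/upload/index.php present" ;;
        1) echo "EXPOSED $1/upload has no index.php" ;;
        2) echo "SKIP    $1 has no upload directory" ;;
    esac
    return "$rc"
}

# Usage: sh audit.sh /path/to/prestashop [--fix]
if [ $# -gt 0 ]; then
    audit_shop "$@"
fi
```

The workaround only addresses this one directory; upgrading to 1.7.6.6 or later remains the fix the page recommends.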