exploitDog

GHSA-2v22-8745-vp75

Опубликовано: 09 фев. 2024

Источник: github

Github: Не прошло ревью

CVSS3: 9.8

Описание

SQL Injection vulnerability in Boostmyshop (boostmyshopagent) module for Prestashop versions 1.1.9 and before, allows remote attackers to escalate privileges and obtain sensitive information via changeOrderCarrier.php, relayPoint.php, and shippingConfirmation.php.

SQL Injection vulnerability in Boostmyshop (boostmyshopagent) module for Prestashop versions 1.1.9 and before, allows remote attackers to escalate privileges and obtain sensitive information via changeOrderCarrier.php, relayPoint.php, and shippingConfirmation.php.

Ссылки

EPSS

Процентиль: 52%

0.00293

Низкий

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-89

Связанные уязвимости

CVE-2024-24308

CVSS3: 9.8

nvd

почти 2 года назад

SQL Injection vulnerability in Boostmyshop (boostmyshopagent) module for Prestashop versions 1.1.9 and before, allows remote attackers to escalate privileges and obtain sensitive information via changeOrderCarrier.php, relayPoint.php, and shippingConfirmation.php.

EPSS

Процентиль: 52%

0.00293

Низкий

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-89