exploitDog

GHSA-44v8-gqvj-w676

Опубликовано: 03 окт. 2023

Источник: github

Github: Не прошло ревью

CVSS3: 9.8

Описание

Theme volty tvcmspaymenticon up to v4.0.1 was discovered to contain a SQL injection vulnerability via the component /tvcmspaymenticon/ajax.php?action=update_position&recordsArray.

Theme volty tvcmspaymenticon up to v4.0.1 was discovered to contain a SQL injection vulnerability via the component /tvcmspaymenticon/ajax.php?action=update_position&recordsArray.

Ссылки

EPSS

Процентиль: 21%

0.00066

Низкий

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-89

Связанные уязвимости

CVE-2023-39645

CVSS3: 9.8

nvd

больше 2 лет назад

Improper neutralization of SQL parameter in Theme Volty CMS Payment Icon module for PrestaShop. In the module “Theme Volty CMS Payment Icon” (tvcmspaymenticon) up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions.

EPSS

Процентиль: 21%

0.00066

Низкий

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-89