exploitDog

GHSA-g2c3-j72p-x7pv

Опубликовано: 09 фев. 2024

Источник: github

Github: Не прошло ревью

CVSS3: 9.8

Описание

SQL injection vulnerability in Presta Monster "Multi Accessories Pro" (hsmultiaccessoriespro) module for PrestaShop versions 5.1.1 and before, allows remote attackers to escalate privileges and obtain sensitive information via the method HsAccessoriesGroupProductAbstract::getAccessoriesByIdProducts().

SQL injection vulnerability in Presta Monster "Multi Accessories Pro" (hsmultiaccessoriespro) module for PrestaShop versions 5.1.1 and before, allows remote attackers to escalate privileges and obtain sensitive information via the method HsAccessoriesGroupProductAbstract::getAccessoriesByIdProducts().

Ссылки

EPSS

Процентиль: 54%

0.00308

Низкий

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-89

Связанные уязвимости

CVE-2023-50026

CVSS3: 9.8

nvd

почти 2 года назад

SQL injection vulnerability in Presta Monster "Multi Accessories Pro" (hsmultiaccessoriespro) module for PrestaShop versions 5.1.1 and before, allows remote attackers to escalate privileges and obtain sensitive information via the method HsAccessoriesGroupProductAbstract::getAccessoriesByIdProducts().

EPSS

Процентиль: 54%

0.00308

Низкий

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-89