Описание
Prestashop advancedpopupcreator v1.1.21 to v1.1.24 was discovered to contain a SQL injection vulnerability via the component AdvancedPopup::getPopups().
Ссылки
- Product
- https://friends-of-presta.github.io/security-advisories/modules/2023/04/11/advancedpopupcreator.htmlPatchThird Party Advisory
- Product
- https://friends-of-presta.github.io/security-advisories/modules/2023/04/11/advancedpopupcreator.htmlPatchThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 1.1.21 (включая) до 1.1.25 (исключая)
cpe:2.3:a:idnovate:popup_module_\(on_entering\,_exit_popup\,_add_product\)_and_newsletter:*:*:*:*:*:prestashop:*:*
EPSS
Процентиль: 98%
0.4769
Средний
9.8 Critical
CVSS3
Дефекты
CWE-89
CWE-89
Связанные уязвимости
CVSS3: 9.8
github
почти 3 года назад
Prestashop advancedpopupcreator v1.1.21 to v1.1.24 was discovered to contain a SQL injection vulnerability via the component AdvancedPopup::getPopups().
EPSS
Процентиль: 98%
0.4769
Средний
9.8 Critical
CVSS3
Дефекты
CWE-89
CWE-89