CVE-2023-27843

Опубликовано: 26 апр. 2023

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

SQL injection vulnerability found in PrestaShop askforaquote v.5.4.2 and before allow a remote attacker to gain privileges via the QuotesProduct::deleteProduct component.

Ссылки

https://addons.prestashop.com/en/quotes/3725-ask-for-a-quote-convert-to-order-messaging-system.html
Product
https://friends-of-presta.github.io/security-advisories/modules/2023/04/25/askforaquote.html
Exploit
Patch
Third Party Advisory
https://addons.prestashop.com/en/quotes/3725-ask-for-a-quote-convert-to-order-messaging-system.html
Product
https://friends-of-presta.github.io/security-advisories/modules/2023/04/25/askforaquote.html
Exploit
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ask_for_a_quote_project:ask_for_a_quote:*:*:*:*:*:prestashop:*:*

Версия до 5.4.2 (включая)

EPSS

Процентиль: 48%

0.00248

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-89

Связанные уязвимости

GHSA-686h-ccw2-cmvc