CVE-2023-30151

Опубликовано: 13 июл. 2023

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

A SQL injection vulnerability in the Boxtal (envoimoinscher) module for PrestaShop, after version 3.1.10, allows remote attackers to execute arbitrary SQL commands via the key GET parameter.

Ссылки

https://addons.prestashop.com/en/shipping-carriers/1755-boxtal-connect-turnkey-shipping-solution.html
Not Applicable
https://help.boxtal.com/hc/fr/articles/360001342977-J-ai-besoin-du-module-PrestaShop-ancienne-version-Boxtal-Envoimoinscher-pour-mon-site
Permissions Required
Third Party Advisory
https://security.friendsofpresta.org/module/2023/06/20/envoimoinscher.html
Exploit
Third Party Advisory
https://addons.prestashop.com/en/shipping-carriers/1755-boxtal-connect-turnkey-shipping-solution.html
Not Applicable
https://help.boxtal.com/hc/fr/articles/360001342977-J-ai-besoin-du-module-PrestaShop-ancienne-version-Boxtal-Envoimoinscher-pour-mon-site
Permissions Required
Third Party Advisory
https://security.friendsofpresta.org/module/2023/06/20/envoimoinscher.html
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:boxtal:envoimoinscher:*:*:*:*:*:prestashop:*:*

Версия до 3.1.10 (исключая)

EPSS

Процентиль: 76%

0.00982

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-89

Связанные уязвимости

GHSA-h4x3-5jpc-w9h8

CVSS3: 8.8

github

больше 2 лет назад

A SQL injection vulnerability in the Boxtal (envoimoinscher) module for PrestaShop, after version 3.1.10, allows remote authenticated users to execute arbitrary SQL commands via the `key` GET parameter.