exploitDog

CVE-2023-33279

Опубликовано: 25 мая 2023

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

In the Store Commander scfixmyprestashop module through 2023-05-09 for PrestaShop, sensitive SQL calls can be executed with a trivial HTTP request and exploited to forge a blind SQL injection.

Ссылки

https://friends-of-presta.github.io/security-advisories/modules/2023/05/25/scfixmyprestashop.html
Third Party Advisory
https://friends-of-presta.github.io/security-advisories/modules/2023/05/25/scfixmyprestashop.html
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:scfixmyprestashop_project:scfixmyprestashop:*:*:*:*:*:prestashop:*:*

EPSS

Процентиль: 21%

0.00066

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-89

CWE-89

Связанные уязвимости

GHSA-2546-6m8x-7vmx

CVSS3: 9.8

github

больше 2 лет назад

In the Store Commander scfixmyprestashop module through 2023-05-09 for PrestaShop, sensitive SQL calls can be executed with a trivial HTTP request and exploited to forge a blind SQL injection.

EPSS

Процентиль: 21%

0.00066

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-89

CWE-89