exploitDog

CVE-2023-3743

Опубликовано: 18 июл. 2023

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

Ap Page Builder, in versions lower than 1.7.8.2, could allow a remote attacker to send a specially crafted SQL query to the product_one_img parameter to retrieve the information stored in the database.

Ссылки

https://www.incibe.es/en/incibe-cert/notices/aviso/sql-injection-vulnerability-leothemes-ap-page-builder
Third Party Advisory
https://www.incibe.es/en/incibe-cert/notices/aviso/sql-injection-vulnerability-leothemes-ap-page-builder
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:leothemes:ap_page_builder:*:*:*:*:*:prestashop:*:*

Версия до 1.7.8.2 (исключая)

EPSS

Процентиль: 26%

0.00089

Низкий

7.5 High

CVSS3

Дефекты

CWE-89

CWE-89

Связанные уязвимости

GHSA-4mvg-w6jm-v99x

CVSS3: 7.5

github

больше 2 лет назад

Ap Page Builder, in versions lower than 1.7.8.2, could allow a remote attacker to send a specially crafted SQL query to the product_one_img parameter to retrieve the information stored in the database.

EPSS

Процентиль: 26%

0.00089

Низкий

7.5 High

CVSS3

Дефекты

CWE-89

CWE-89