Описание
Improper neutralization of SQL parameter in Theme Volty CMS Payment Icon module for PrestaShop. In the module “Theme Volty CMS Payment Icon” (tvcmspaymenticon) up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions.
Ссылки
- PatchThird Party Advisory
- PatchThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 4.0.2 (исключая)
cpe:2.3:a:themevolty:cms_payment_icon:*:*:*:*:*:prestashop:*:*
EPSS
Процентиль: 20%
0.00066
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-89
Связанные уязвимости
CVSS3: 9.8
github
больше 2 лет назад
Theme volty tvcmspaymenticon up to v4.0.1 was discovered to contain a SQL injection vulnerability via the component /tvcmspaymenticon/ajax.php?action=update_position&recordsArray.
EPSS
Процентиль: 20%
0.00066
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-89