CVE-2023-45376

Опубликовано: 19 окт. 2023

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

In the module "Carousels Pack - Instagram, Products, Brands, Supplier" (hicarouselspack) for PrestaShop up to version 1.5.0 from HiPresta for PrestaShop, a guest can perform SQL injection via HiCpProductGetter::getViewedProduct().`

Ссылки

https://addons.prestashop.com/en/sliders-galleries/20410-carousels-pack-instagram-products-brands-supplier.html
Product
https://security.friendsofpresta.org/modules/2023/10/19/hicarouselspack.html
Exploit
Third Party Advisory
https://addons.prestashop.com/en/sliders-galleries/20410-carousels-pack-instagram-products-brands-supplier.html
Product
https://security.friendsofpresta.org/modules/2023/10/19/hicarouselspack.html
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:hipresta:carousels_pack:*:*:*:*:*:prestashop:*:*

Версия до 1.5.1 (исключая)

EPSS

Процентиль: 34%

0.00138

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-89

Связанные уязвимости

GHSA-42hr-vjrg-wjr7