exploitDog

CVE-2023-46914

Опубликовано: 07 фев. 2024

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

SQL Injection vulnerability in RM bookingcalendar module for PrestaShop versions 2.7.9 and before, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via ics_export.php.

Ссылки

https://security.friendsofpresta.org/modules/2024/02/06/bookingcalendar.html
Patch
Third Party Advisory
https://security.friendsofpresta.org/modules/2024/02/06/bookingcalendar.html
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:bookingcalendar_project:bookingcalendar:*:*:*:*:*:prestashop:*:*

Версия до 2.7.9 (включая)

EPSS

Процентиль: 80%

0.01376

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-89

CWE-89

Связанные уязвимости

GHSA-82fm-6qgx-7w8m

CVSS3: 9.8

github

около 2 лет назад

SQL Injection vulnerability in RM bookingcalendar module for PrestaShop versions 2.7.9 and before, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via ics_export.php.

EPSS

Процентиль: 80%

0.01376

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-89

CWE-89