CVE-2023-47110

Опубликовано: 09 нояб. 2023

Источник: nvd

CVSS3: 9.1

CVSS3: 5.3

EPSS Низкий

Описание

blockreassurance adds an information block aimed at offering helpful information to reassure customers that their store is trustworthy. An ajax function in module blockreassurance allows modifying any value in the configuration table. This vulnerability has been patched in version 5.1.4.

Ссылки

https://github.com/PrestaShop/blockreassurance/security/advisories/GHSA-xfm3-hjcc-gv78
Vendor Advisory
https://github.com/PrestaShop/blockreassurance/security/advisories/GHSA-xfm3-hjcc-gv78
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:prestashop:customer_reassurance_block:*:*:*:*:*:prestashop:*:*

Версия до 5.1.4 (исключая)

EPSS

Процентиль: 34%

0.00133

Низкий

9.1 Critical

CVSS3

5.3 Medium

CVSS3

Дефекты

CWE-284

NVD-CWE-noinfo

Связанные уязвимости

GHSA-xfm3-hjcc-gv78

CVSS3: 5.3

github

около 2 лет назад

Any value can be changed in the configuration table by an employee having access to block reassurance module

EPSS

Процентиль: 34%

0.00133

Низкий

9.1 Critical

CVSS3

5.3 Medium

CVSS3

Дефекты

CWE-284

NVD-CWE-noinfo