exploitDog

CVE-2023-51210

Опубликовано: 23 янв. 2024

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

SQL injection vulnerability in Webkul Bundle Product 6.0.1 allows a remote attacker to execute arbitrary code via the id_product parameters in the UpdateProductQuantity function.

Ссылки

https://medium.com/%40nasir.synack/uncovering-critical-vulnerability-cve-2023-51210-in-prestashop-plugin-bundle-product-pack-ad7fb08bdc91
Exploit
Third Party Advisory
https://medium.com/%40nasir.synack/uncovering-critical-vulnerability-cve-2023-51210-in-prestashop-plugin-bundle-product-pack-ad7fb08bdc91
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:webkul:bundle_product:6.0.1:*:*:*:*:prestashop:*:*

EPSS

Процентиль: 74%

0.00822

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-89

CWE-89

Связанные уязвимости

GHSA-3crw-hq66-3456

CVSS3: 9.8

github

около 2 лет назад

SQL injection vulnerability in Webkul Bundle Product 6.0.1 allows a remote attacker to execute arbitrary code via the id_product parameters in the UpdateProductQuantity function.

EPSS

Процентиль: 74%

0.00822

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-89

CWE-89