CVE-2024-24310

Опубликовано: 23 фев. 2024

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

In the module "Generate barcode on invoice / delivery slip" (ecgeneratebarcode) from Ether Creation <= 1.2.0 for PrestaShop, a guest can perform SQL injection.

Ссылки

https://addons.prestashop.com/en/preparation-shipping/24123-generate-barcode-on-invoice-delivery-slip.html
Third Party Advisory
https://security.friendsofpresta.org/modules/2024/02/20/ecgeneratebarcode.html
Product
https://addons.prestashop.com/en/preparation-shipping/24123-generate-barcode-on-invoice-delivery-slip.html
Third Party Advisory
https://security.friendsofpresta.org/modules/2024/02/20/ecgeneratebarcode.html
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ethercreation:generate_barcode_on_invoice_\/_delivery_slip:*:*:*:*:*:prestashop:*:*

Версия до 1.2.0 (включая)

EPSS

Процентиль: 22%

0.00072

Низкий

8.8 High

CVSS3

Дефекты

CWE-89

Связанные уязвимости

GHSA-vp85-c393-q66r