exploitDog

CVE-2024-25842

Опубликовано: 03 мар. 2024

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

An issue was discovered in Presta World "Account Manager - Sales Representative & Dealers - CRM" (prestasalesmanager) module for PrestaShop before version 9.0, allows remote attackers to escalate privilege and obtain sensitive information via the uploadLogo() and postProcess methods.

Ссылки

https://github.com/friends-of-presta/security-advisories/blob/main/_posts/2024-02-29-prestasalesmanager.md
Third Party Advisory
https://github.com/friends-of-presta/security-advisories/blob/main/_posts/2024-02-29-prestasalesmanager.md
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:prestaworld:account_manager:*:*:*:*:*:prestashop:*:*

Версия до 9.0.0 (исключая)

EPSS

Процентиль: 25%

0.00087

Низкий

7.5 High

CVSS3

Дефекты

CWE-269

Связанные уязвимости

GHSA-m3mq-63hw-6hgx

CVSS3: 7.5

github

почти 2 года назад

An issue was discovered in Presta World "Account Manager - Sales Representative & Dealers - CRM" (prestasalesmanager) module for PrestaShop before version 9.0, allows remote attackers to escalate privilege and obtain sensitive information via the uploadLogo() and postProcess methods.

EPSS

Процентиль: 25%

0.00087

Низкий

7.5 High

CVSS3

Дефекты

CWE-269