CVE-2024-25843

Опубликовано: 27 фев. 2024

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

In the module "Import/Update Bulk Product from any Csv/Excel File Pro" (ba_importer) up to version 1.1.28 from Buy Addons for PrestaShop, a guest can perform SQL injection in affected versions.

Ссылки

https://addons.prestashop.com/en/data-import-export/20579-import-update-bulk-product-from-any-csv-excel-file-pro.html
Product
https://security.friendsofpresta.org/modules/2024/02/27/ba_importer.html
Patch
Third Party Advisory
https://addons.prestashop.com/en/data-import-export/20579-import-update-bulk-product-from-any-csv-excel-file-pro.html
Product
https://security.friendsofpresta.org/modules/2024/02/27/ba_importer.html
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:prestashop:import\/update_bulk_product:*:*:*:*:*:prestashop:*:*

Версия до 1.1.29 (исключая)

EPSS

Процентиль: 36%

0.0015

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-89

Связанные уязвимости

GHSA-h3r2-qmh3-6432