Описание
SQL Injection vulnerability in MyPrestaModules "Product Catalog (CSV, Excel) Import" (simpleimportproduct) modules for PrestaShop versions 6.5.0 and before, allows attackers to escalate privileges and obtain sensitive information via Send::__construct() and importProducts::_addDataToDb methods.
Уязвимые конфигурации
Конфигурация 1Версия до 6.5.0 (включая)
cpe:2.3:a:myprestamodules:product_catalog_\(csv\,_excel\)_import:*:*:*:*:*:*:*:*
EPSS
Процентиль: 17%
0.00054
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-269
Связанные уязвимости
CVSS3: 9.8
github
почти 2 года назад
SQL Injection vulnerability in MyPrestaModules "Product Catalog (CSV, Excel) Import" (simpleimportproduct) modules for PrestaShop versions 6.5.0 and before, allows attackers to escalate privileges and obtain sensitive information via Send::__construct() and importProducts::_addDataToDb methods.
EPSS
Процентиль: 17%
0.00054
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-269