icommktconnector- PrestaShop module vulnerability (CVE-2019-15565)

Moduleicommktconnector

Score

9.8 Critical

Date publish

26-08-2019

Versiones afectadas

Less than 1.0.7

Description

The ICOMMKT connector before 1.0.7 for PrestaShop allows SQL injection in icommktconnector.php.

References

https://github.com/danidomen/icommktconn...

Patch Third Party Advisory mitre.org

https://github.com/danidomen/icommktconn...

Patch Third Party Advisory

Metrics

cvssMetricV30
source	nvd@nist.gov
type	Primary
version	3.0
vectorString	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
baseScore	9.8
baseSeverity	CRITICAL
attackVector	NETWORK
attackComplexity	LOW
privilegesRequired	NONE
userInteraction	NONE
scope	UNCHANGED
confidentialityImpact	HIGH
integrityImpact	HIGH
availabilityImpact	HIGH
exploitabilityScore	3.9
impactScore	5.9
cvssMetricV2
source	nvd@nist.gov
type	Primary
version	2.0
vectorString	AV:N/AC:L/Au:N/C:P/I:P/A:P
baseScore	7.5
accessVector	NETWORK
accessComplexity	LOW
authentication	NONE
confidentialityImpact	PARTIAL
integrityImpact	PARTIAL
availabilityImpact	PARTIAL
baseSeverity	HIGH
exploitabilityScore	10
impactScore	6.4
acInsufInfo	False
obtainAllPrivilege	False
obtainUserPrivilege	False
obtainOtherPrivilege	False
userInteractionRequired	False