appagebuilder- PrestaShop module vulnerability (CVE-2022-22897)

Moduleappagebuilder

Score

9.8 Critical

Date publish

29-08-2022

Versiones afectadas

Up to and including 2.4.5

Description

A SQL injection vulnerability in the product_all_one_img and image_product parameters of the ApolloTheme AP PageBuilder component through 2.4.4 for PrestaShop allows unauthenticated attackers to exfiltrate database data.

References

http://packetstormsecurity.com/files/168...

Exploit Third Party Advisory VDB Entry mitre.org

https://friends-of-presta.github.io/secu...

Exploit Patch Vendor Advisory mitre.org

http://packetstormsecurity.com/files/168...

Exploit Third Party Advisory VDB Entry

https://friends-of-presta.github.io/secu...

Exploit Patch Vendor Advisory

Metrics

cvssMetricV31
source	nvd@nist.gov
type	Primary
version	3.1
vectorString	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
baseScore	9.8
baseSeverity	CRITICAL
attackVector	NETWORK
attackComplexity	LOW
privilegesRequired	NONE
userInteraction	NONE
scope	UNCHANGED
confidentialityImpact	HIGH
integrityImpact	HIGH
availabilityImpact	HIGH
exploitabilityScore	3.9
impactScore	5.9