ndk_advanced_custom_fields- PrestaShop module vulnerability (CVE-2022-40839)

Modulendk_advanced_custom_fields

Score

7.5 High

Date publish

01-11-2022

Versiones afectadas

Versions from 3.5.0 up to and including 3.5.0

Description

A SQL injection vulnerability in the height and width parameter in NdkAdvancedCustomizationFields v3.5.0 allows unauthenticated attackers to exfiltrate database data.

References

http://ndk.com

Broken Link Product mitre.org

http://ndkadvancedcustomizationfields.co...

Broken Link Product URL Repurposed mitre.org

https://github.com/daaaalllii/cve-s/blob...

Exploit Third Party Advisory mitre.org

http://ndk.com

Broken Link Product

http://ndkadvancedcustomizationfields.co...

Broken Link Product URL Repurposed

https://github.com/daaaalllii/cve-s/blob...

Exploit Third Party Advisory

Metrics

cvssMetricV31
source	nvd@nist.gov	134c704f-9b21-4f2e-91b3-4a467353bcc0
type	Primary	Secondary
version	3.1	3.1
vectorString	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
baseScore	7.5	7.5
baseSeverity	HIGH	HIGH
attackVector	NETWORK	NETWORK
attackComplexity	LOW	LOW
privilegesRequired	NONE	NONE
userInteraction	NONE	NONE
scope	UNCHANGED	UNCHANGED
confidentialityImpact	HIGH	HIGH
integrityImpact	NONE	NONE
availabilityImpact	NONE	NONE
exploitabilityScore	3.9	3.9
impactScore	3.6	3.6