totadministrativemandate- PrestaShop module vulnerability (CVE-2022-46965)

Moduletotadministrativemandate

Score

8.8 High

Date publish

02-02-2023

Versiones afectadas

  • Up to and including 1.7.1

Description

PrestaShop module, totadministrativemandate before v1.7.1 was discovered to contain a SQL injection vulnerability.

References

http://prestashop.com
Not Applicable mitre.org
https://github.com/202ecommerce/security...
Exploit Third Party Advisory mitre.org
http://prestashop.com
Not Applicable
https://github.com/202ecommerce/security...
Exploit Third Party Advisory

Metrics

cvssMetricV31
sourcecve@mitre.orgnvd@nist.gov
typeSecondaryPrimary
version3.13.1
vectorStringCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:NCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
baseScore8.18.8
baseSeverityHIGHHIGH
attackVectorNETWORKNETWORK
attackComplexityLOWLOW
privilegesRequiredLOWLOW
userInteractionNONENONE
scopeUNCHANGEDUNCHANGED
confidentialityImpactHIGHHIGH
integrityImpactHIGHHIGH
availabilityImpactNONEHIGH
exploitabilityScore2.82.8
impactScore5.25.9
Scroll al inicio