xenforum- PrestaShop module vulnerability (CVE-2023-24763)

Modulexenforum

Score

8.8 High

Date publish

06-03-2023

Versiones afectadas

Less than 2.13.0

Description

In the module "Xen Forum" (xenforum) for PrestaShop, an authenticated user can perform SQL injection in versions up to 2.13.0.

References

https://addons.prestashop.com/en/blog-fo...

Product mitre.org

https://friends-of-presta.github.io/secu...

Exploit Patch Third Party Advisory mitre.org

https://addons.prestashop.com/en/blog-fo...

Product

https://friends-of-presta.github.io/secu...

Exploit Patch Third Party Advisory

Metrics

cvssMetricV31
source	nvd@nist.gov	134c704f-9b21-4f2e-91b3-4a467353bcc0
type	Primary	Secondary
version	3.1	3.1
vectorString	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
baseScore	8.8	8.8
baseSeverity	HIGH	HIGH
attackVector	NETWORK	NETWORK
attackComplexity	LOW	LOW
privilegesRequired	LOW	LOW
userInteraction	NONE	NONE
scope	UNCHANGED	UNCHANGED
confidentialityImpact	HIGH	HIGH
integrityImpact	HIGH	HIGH
availabilityImpact	HIGH	HIGH
exploitabilityScore	2.8	2.8
impactScore	5.9	5.9