ws_productreviews- PrestaShop module vulnerability (CVE-2023-25206)

Modulews_productreviews

Score

8.8 High

Date publish

14-03-2023

Versiones afectadas

Less than 3.6.2

Description

PrestaShop ws_productreviews < 3.6.2 is vulnerable to SQL Injection.

References

https://addons.prestashop.com/en/custome...

Product mitre.org

https://friends-of-presta.github.io/secu...

Exploit Third Party Advisory mitre.org

https://addons.prestashop.com/en/custome...

Product

https://friends-of-presta.github.io/secu...

Exploit Third Party Advisory

Metrics

cvssMetricV31
source	nvd@nist.gov
type	Primary
version	3.1
vectorString	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
baseScore	8.8
baseSeverity	HIGH
attackVector	NETWORK
attackComplexity	LOW
privilegesRequired	LOW
userInteraction	NONE
scope	UNCHANGED
confidentialityImpact	HIGH
integrityImpact	HIGH
availabilityImpact	HIGH
exploitabilityScore	2.8
impactScore	5.9