faqs- PrestaShop module vulnerability (CVE-2023-26858)

Modulefaqs

Score

9.8 Critical

Date publish

31-03-2023

Versiones afectadas

  • Versions from 3.1.6 up to and including 3.1.6

Description

SQL injection vulnerability found in PrestaSHp faqs v.3.1.6 allows a remote attacker to escalate privileges via the faqsBudgetModuleFrontController::displayAjaxGenerateBudget component.

References

Metrics

cvssMetricV31
sourcenvd@nist.gov
typePrimary
version3.1
vectorStringCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
baseScore9.8
baseSeverityCRITICAL
attackVectorNETWORK
attackComplexityLOW
privilegesRequiredNONE
userInteractionNONE
scopeUNCHANGED
confidentialityImpactHIGH
integrityImpactHIGH
availabilityImpactHIGH
exploitabilityScore3.9
impactScore5.9
Scroll al inicio