lgbudget- PrestaShop module vulnerability (CVE-2023-26860)

Modulelgbudget

Score

8.8 High

Date publish

10-04-2023

Versiones afectadas

Up to and including 1.0.3

Description

SQL injection vulnerability found in PrestaShop Igbudget v.1.0.3 and before allow a remote attacker to gain privileges via the LgBudgetBudgetModuleFrontController::displayAjaxGenerateBudget component.

References

https://addons.prestashop.com/en/order-m...

Product mitre.org

https://friends-of-presta.github.io/secu...

Exploit Patch Third Party Advisory mitre.org

https://addons.prestashop.com/en/order-m...

Product

https://friends-of-presta.github.io/secu...

Exploit Patch Third Party Advisory

Metrics

cvssMetricV31
source	nvd@nist.gov	134c704f-9b21-4f2e-91b3-4a467353bcc0
type	Primary	Secondary
version	3.1	3.1
vectorString	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
baseScore	8.8	8.8
baseSeverity	HIGH	HIGH
attackVector	NETWORK	NETWORK
attackComplexity	LOW	LOW
privilegesRequired	LOW	LOW
userInteraction	NONE	NONE
scope	UNCHANGED	UNCHANGED
confidentialityImpact	HIGH	HIGH
integrityImpact	HIGH	HIGH
availabilityImpact	HIGH	HIGH
exploitabilityScore	2.8	2.8
impactScore	5.9	5.9