advancedpopupcreator- PrestaShop module vulnerability (CVE-2023-27032)

Moduleadvancedpopupcreator

Score

9.8 Critical

Date publish

12-04-2023

Versiones afectadas

Versions from 1.1.21 up to but not including 1.1.25

Description

Prestashop advancedpopupcreator v1.1.21 to v1.1.24 was discovered to contain a SQL injection vulnerability via the component AdvancedPopup::getPopups().

References

https://addons.prestashop.com/en/pop-up/...

Product mitre.org

https://friends-of-presta.github.io/secu...

Patch Third Party Advisory mitre.org

https://addons.prestashop.com/en/pop-up/...

Product

https://friends-of-presta.github.io/secu...

Patch Third Party Advisory

Metrics

cvssMetricV31
source	nvd@nist.gov	134c704f-9b21-4f2e-91b3-4a467353bcc0
type	Primary	Secondary
version	3.1	3.1
vectorString	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
baseScore	9.8	9.8
baseSeverity	CRITICAL	CRITICAL
attackVector	NETWORK	NETWORK
attackComplexity	LOW	LOW
privilegesRequired	NONE	NONE
userInteraction	NONE	NONE
scope	UNCHANGED	UNCHANGED
confidentialityImpact	HIGH	HIGH
integrityImpact	HIGH	HIGH
availabilityImpact	HIGH	HIGH
exploitabilityScore	3.9	3.9
impactScore	5.9	5.9