jmspagebuilder- PrestaShop module vulnerability (CVE-2023-29632)

Modulejmspagebuilder

Score

9.8 Critical

Date publish

06-06-2023

Versiones afectadas

No versions found.

Description

PrestaShop jmspagebuilder 3.x is vulnerable to SQL Injection via ajax_jmspagebuilder.php.

References

https://friends-of-presta.github.io/secu...

Patch Third Party Advisory mitre.org

https://friends-of-presta.github.io/secu...

Patch Third Party Advisory

Metrics

cvssMetricV31
source	cve@mitre.org	nvd@nist.gov
type	Secondary	Primary
version	3.1	3.1
vectorString	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
baseScore	9.8	9.8
baseSeverity	CRITICAL	CRITICAL
attackVector	NETWORK	NETWORK
attackComplexity	LOW	LOW
privilegesRequired	NONE	NONE
userInteraction	NONE	NONE
scope	UNCHANGED	UNCHANGED
confidentialityImpact	HIGH	HIGH
integrityImpact	HIGH	HIGH
availabilityImpact	HIGH	HIGH
exploitabilityScore	3.9	3.9
impactScore	5.9	5.9