envoimoinscher- PrestaShop module vulnerability (CVE-2023-30151)

Moduleenvoimoinscher

Score

9.8 Critical

Date publish

13-07-2023

Versiones afectadas

Less than 3.1.10

Description

A SQL injection vulnerability in the Boxtal (envoimoinscher) module for PrestaShop, after version 3.1.10, allows remote attackers to execute arbitrary SQL commands via the `key` GET parameter.

References

https://addons.prestashop.com/en/shippin...

Not Applicable mitre.org

https://help.boxtal.com/hc/fr/articles/3...

Permissions Required Third Party Advisory mitre.org

https://security.friendsofpresta.org/mod...

Exploit Third Party Advisory mitre.org

https://addons.prestashop.com/en/shippin...

Not Applicable

https://help.boxtal.com/hc/fr/articles/3...

Permissions Required Third Party Advisory

https://security.friendsofpresta.org/mod...

Exploit Third Party Advisory

Metrics

cvssMetricV31
source	nvd@nist.gov
type	Primary
version	3.1
vectorString	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
baseScore	9.8
baseSeverity	CRITICAL
attackVector	NETWORK
attackComplexity	LOW
privilegesRequired	NONE
userInteraction	NONE
scope	UNCHANGED
confidentialityImpact	HIGH
integrityImpact	HIGH
availabilityImpact	HIGH
exploitabilityScore	3.9
impactScore	5.9