posstaticblocks- PrestaShop module vulnerability (CVE-2023-30189)

Moduleposstaticblocks

Score

9.8 Critical

Date publish

16-05-2023

Versiones afectadas

Up to and including 1.0.0

Description

Prestashop posstaticblocks <= 1.0.0 is vulnerable to SQL Injection via posstaticblocks::getPosCurrentHook().

References

https://friends-of-presta.github.io/secu...

Exploit Patch Third Party Advisory mitre.org

https://friends-of-presta.github.io/secu...

Exploit Patch Third Party Advisory

Metrics

cvssMetricV31
source	cve@mitre.org	nvd@nist.gov	134c704f-9b21-4f2e-91b3-4a467353bcc0
type	Secondary	Primary	Secondary
version	3.1	3.1	3.1
vectorString	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
baseScore	9.8	9.8	9.8
baseSeverity	CRITICAL	CRITICAL	CRITICAL
attackVector	NETWORK	NETWORK	NETWORK
attackComplexity	LOW	LOW	LOW
privilegesRequired	NONE	NONE	NONE
userInteraction	NONE	NONE	NONE
scope	UNCHANGED	UNCHANGED	UNCHANGED
confidentialityImpact	HIGH	HIGH	HIGH
integrityImpact	HIGH	HIGH	HIGH
availabilityImpact	HIGH	HIGH	HIGH
exploitabilityScore	3.9	3.9	3.9
impactScore	5.9	5.9	5.9