winbizpayment- PrestaShop module vulnerability (CVE-2023-30198)

Modulewinbizpayment

Score

7.5 High

Date publish

12-06-2023

Versiones afectadas

  • Up to and including 1.0.2

Description

Prestashop winbizpayment <= 1.0.2 is vulnerable to Incorrect Access Control via modules/winbizpayment/downloads/download.php.

References

Metrics

cvssMetricV31
sourcecve@mitre.orgnvd@nist.gov
typeSecondaryPrimary
version3.13.1
vectorStringCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
baseScore7.57.5
baseSeverityHIGHHIGH
attackVectorNETWORKNETWORK
attackComplexityLOWLOW
privilegesRequiredNONENONE
userInteractionNONENONE
scopeUNCHANGEDUNCHANGED
confidentialityImpactHIGHHIGH
integrityImpactNONENONE
availabilityImpactNONENONE
exploitabilityScore3.93.9
impactScore3.63.6
Scroll al inicio