tvcmscategorychainslider- PrestaShop module vulnerability (CVE-2023-39646)

Moduletvcmscategorychainslider

Score

9.8 Critical

Date publish

03-10-2023

Versiones afectadas

Up to and including 4.0.1

Description

Improper neutralization of SQL parameter in Theme Volty CMS Category Chain Slider module for PrestaShop. In the module “Theme Volty CMS Category Chain Slide"(tvcmscategorychainslider) up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions.

References

https://security.friendsofpresta.org/mod...

Patch Third Party Advisory mitre.org

https://security.friendsofpresta.org/mod...

Patch Third Party Advisory

Metrics

cvssMetricV31
source	nvd@nist.gov
type	Primary
version	3.1
vectorString	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
baseScore	9.8
baseSeverity	CRITICAL
attackVector	NETWORK
attackComplexity	LOW
privilegesRequired	NONE
userInteraction	NONE
scope	UNCHANGED
confidentialityImpact	HIGH
integrityImpact	HIGH
availabilityImpact	HIGH
exploitabilityScore	3.9
impactScore	5.9