tvcmstestimonial- PrestaShop module vulnerability (CVE-2023-39648)
Moduletvcmstestimonial
Score
9.8 CriticalDate publish
03-10-2023Versiones afectadas
- Up to and including 4.0.1
Description
Improper neutralization of SQL parameter in Theme Volty CMS Testimonial module for PrestaShop. In the module “Theme Volty CMS Testimonial” (tvcmstestimonial) up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions.References
Metrics
| cvssMetricV31 | |||||
|---|---|---|---|---|---|
| source | nvd@nist.gov | ||||
| type | Primary | ||||
| version | 3.1 | ||||
| vectorString | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | ||||
| baseScore | 9.8 | ||||
| baseSeverity | CRITICAL | ||||
| attackVector | NETWORK | ||||
| attackComplexity | LOW | ||||
| privilegesRequired | NONE | ||||
| userInteraction | NONE | ||||
| scope | UNCHANGED | ||||
| confidentialityImpact | HIGH | ||||
| integrityImpact | HIGH | ||||
| availabilityImpact | HIGH | ||||
| exploitabilityScore | 3.9 | ||||
| impactScore | 5.9 | ||||