simpleimportproduct- PrestaShop module vulnerability (CVE-2023-39677)

Modulesimpleimportproduct

Score

7.5 High

Date publish

20-09-2023

Versiones afectadas

Versions from 6.2.9 up to and including 6.2.9
Versions from 3.6.9 up to and including 3.6.9

Description

MyPrestaModules Prestashop Module v6.2.9 and UpdateProducts Prestashop Module v3.6.9 were discovered to contain a PHPInfo information disclosure vulnerability via send.php.

References

https://blog.sorcery.ie/posts/myprestamo...

Exploit Third Party Advisory mitre.org

https://myprestamodules.com/

Product mitre.org

https://sorcery.ie

Not Applicable mitre.org

https://blog.sorcery.ie/posts/myprestamo...

Exploit Third Party Advisory

https://myprestamodules.com/

Product

https://sorcery.ie

Not Applicable

Metrics

cvssMetricV31
source	nvd@nist.gov
type	Primary
version	3.1
vectorString	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
baseScore	7.5
baseSeverity	HIGH
attackVector	NETWORK
attackComplexity	LOW
privilegesRequired	NONE
userInteraction	NONE
scope	UNCHANGED
confidentialityImpact	HIGH
integrityImpact	NONE
availabilityImpact	NONE
exploitabilityScore	3.9
impactScore	3.6