moneticopaiement- PrestaShop module vulnerability (CVE-2023-45256)
Modulemoneticopaiement
Score
5.4 MediumDate publish
12-06-2025Versiones afectadas
- Less than 1.1.1
Description
Multiple SQL injection vulnerabilities in the EuroInformation MoneticoPaiement module before 1.1.1 for PrestaShop allow remote attackers to execute arbitrary SQL commands via the TPE, societe, MAC, reference, or aliascb parameter to transaction.php, validation.php, or callback.php.References
Metrics
| cvssMetricV31 | |||||
|---|---|---|---|---|---|
| source | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | ||||
| type | Secondary | ||||
| version | 3.1 | ||||
| vectorString | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N | ||||
| baseScore | 5.4 | ||||
| baseSeverity | MEDIUM | ||||
| attackVector | NETWORK | ||||
| attackComplexity | LOW | ||||
| privilegesRequired | NONE | ||||
| userInteraction | REQUIRED | ||||
| scope | UNCHANGED | ||||
| confidentialityImpact | LOW | ||||
| integrityImpact | LOW | ||||
| availabilityImpact | NONE | ||||
| exploitabilityScore | 2.8 | ||||
| impactScore | 2.5 | ||||