mib- PrestaShop module vulnerability (CVE-2023-46351)

Modulemib

Score

9.8 Critical

Date publish

19-01-2024

Versiones afectadas

  • Less than 1.6.1

Description

In the module mib < 1.6.1 from MyPresta.eu for PrestaShop, a guest can perform SQL injection. The methods `mib::getManufacturersByCategory()` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection.

References

Metrics

cvssMetricV31
sourcenvd@nist.gov134c704f-9b21-4f2e-91b3-4a467353bcc0
typePrimarySecondary
version3.13.1
vectorStringCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
baseScore9.89.8
baseSeverityCRITICALCRITICAL
attackVectorNETWORKNETWORK
attackComplexityLOWLOW
privilegesRequiredNONENONE
userInteractionNONENONE
scopeUNCHANGEDUNCHANGED
confidentialityImpactHIGHHIGH
integrityImpactHIGHHIGH
availabilityImpactHIGHHIGH
exploitabilityScore3.93.9
impactScore5.95.9
Scroll al inicio