hsmultiaccessoriespro- PrestaShop module vulnerability (CVE-2023-50026)
Modulehsmultiaccessoriespro
Score
9.8 CriticalDate publish
09-02-2024Versiones afectadas
- Less than 5.3.0
Description
SQL injection vulnerability in Presta Monster "Multi Accessories Pro" (hsmultiaccessoriespro) module for PrestaShop versions 5.1.1 and before, allows remote attackers to escalate privileges and obtain sensitive information via the method HsAccessoriesGroupProductAbstract::getAccessoriesByIdProducts().References
Metrics
| cvssMetricV31 | |||||
|---|---|---|---|---|---|
| source | nvd@nist.gov | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | |||
| type | Primary | Secondary | |||
| version | 3.1 | 3.1 | |||
| vectorString | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | |||
| baseScore | 9.8 | 9.8 | |||
| baseSeverity | CRITICAL | CRITICAL | |||
| attackVector | NETWORK | NETWORK | |||
| attackComplexity | LOW | LOW | |||
| privilegesRequired | NONE | NONE | |||
| userInteraction | NONE | NONE | |||
| scope | UNCHANGED | UNCHANGED | |||
| confidentialityImpact | HIGH | HIGH | |||
| integrityImpact | HIGH | HIGH | |||
| availabilityImpact | HIGH | HIGH | |||
| exploitabilityScore | 3.9 | 3.9 | |||
| impactScore | 5.9 | 5.9 | |||