productdesigner- PrestaShop module vulnerability (CVE-2024-24307)

Moduleproductdesigner

Score

7.5 High

Date publish

03-03-2024

Versiones afectadas

  • Less than 1.178.36

Description

Path Traversal vulnerability in Tunis Soft "Product Designer" (productdesigner) module for PrestaShop before version 1.178.36, allows a remote attacker to escalate privileges and obtain sensitive information via the ajaxProcessCropImage() method.

References

Metrics

cvssMetricV31
source134c704f-9b21-4f2e-91b3-4a467353bcc0
typeSecondary
version3.1
vectorStringCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
baseScore7.5
baseSeverityHIGH
attackVectorNETWORK
attackComplexityLOW
privilegesRequiredNONE
userInteractionNONE
scopeUNCHANGED
confidentialityImpactHIGH
integrityImpactNONE
availabilityImpactNONE
exploitabilityScore3.9
impactScore3.6
Scroll al inicio