supernewsletter- PrestaShop module vulnerability (CVE-2024-25839)
Modulesupernewsletter
Score
7.5 HighDate publish
03-03-2024Versiones afectadas
- Up to and including 1.4.21
Description
An issue was discovered in Webbax "Super Newsletter" (supernewsletter) module for PrestaShop versions 1.4.21 and before, allows local attackers to escalate privileges and obtain sensitive information.References
Metrics
| cvssMetricV31 | |||||
|---|---|---|---|---|---|
| source | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | ||||
| type | Secondary | ||||
| version | 3.1 | ||||
| vectorString | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | ||||
| baseScore | 7.5 | ||||
| baseSeverity | HIGH | ||||
| attackVector | NETWORK | ||||
| attackComplexity | LOW | ||||
| privilegesRequired | NONE | ||||
| userInteraction | NONE | ||||
| scope | UNCHANGED | ||||
| confidentialityImpact | HIGH | ||||
| integrityImpact | NONE | ||||
| availabilityImpact | NONE | ||||
| exploitabilityScore | 3.9 | ||||
| impactScore | 3.6 | ||||