Lucene search

[email protected]CVE-2023-26860

HistoryApr 10, 2023 - 1:15 p.m.

CVE-2023-26860

2023-04-1013:15:07

CWE-89

[email protected]

web.nvd.nist.gov

cve-2023-26860

sql injection

prestashop

igbudget

security vulnerability

nvd

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

45.5%

JSON

SQL injection vulnerability found in PrestaShop Igbudget v.1.0.3 and before allow a remote attacker to gain privileges via the LgBudgetBudgetModuleFrontController::displayAjaxGenerateBudget component.

Affected configurations

NVD

Node

save_your_carts_and_buy_later_or_send_it_projectsave_your_carts_and_buy_later_or_send_itRange≤1.0.3prestashop

CPENameOperatorVersion
save_your_carts_and_buy_later_or_send_it_project:save_your_carts_and_buy_later_or_send_itsave your carts and buy later or send it project save your carts and buy later or send itle1.0.3

CPE	Name	Operator	Version
save_your_carts_and_buy_later_or_send_it_project:save_your_carts_and_buy_later_or_send_it	save your carts and buy later or send it project save your carts and buy later or send it	le	1.0.3

References

addons.prestashop.com/en/order-management/45282-save-your-carts-and-buy-later-or-send-it.html

friends-of-presta.github.io/security-advisories/modules/2023/04/04/lgbudget.html

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

45.5%

JSON

Related for CVE-2023-26860

prion1 cvelist1 nvd1