Lucene search

[email protected]CVE-2023-28839

HistoryApr 18, 2023 - 9:15 p.m.

CVE-2023-28839

2023-04-1821:15:09

CWE-89

[email protected]

web.nvd.nist.gov

shoppingfeed

prestashop

sql injection

vulnerability

upgrade

nvd

ecommerce

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

56.3%

JSON

Shoppingfeed PrestaShop is an add-on to the PrestaShop ecommerce platform to synchronize data. The module Shoppingfeed for PrestaShop is vulnerable to SQL injection between version 1.4.0 and 1.8.2 due to a lack of input sanitization. This issue has been addressed in version 1.8.3. Users are advised to upgrade. There are no known workarounds for this issue.

Affected configurations

Vulners

NVD

Node

shoppingfluxmodule_prestashopRange1.4.0–1.8.3

CPENameOperatorVersion
shoppingfeed:shoppingfeedshoppingfeedlt1.8.3

CPE	Name	Operator	Version
shoppingfeed:shoppingfeed	shoppingfeed	lt	1.8.3

CNA Affected

[
  {
    "vendor": "shoppingflux",
    "product": "module-prestashop",
    "versions": [
      {
        "version": ">= 1.4.0, < 1.8.3",
        "status": "affected"
      }
    ]
  }
]

References

github.com/shoppingflux/module-prestashop/pull/209

github.com/shoppingflux/module-prestashop/security/advisories/GHSA-vfmq-w777-qvcf

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

56.3%

JSON

Related for CVE-2023-28839

nvd1 prion1 osv1 cvelist1