Lucene search

[email protected]CVE-2023-30196

HistoryMay 30, 2023 - 12:15 p.m.

CVE-2023-30196

2023-05-3012:15:09

CWE-22

[email protected]

web.nvd.nist.gov

prestashop

salesbooster

incorrect access control

vulnerability

nvd

cve-2023-30196

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

42.4%

JSON

Prestashop salesbooster <= 1.10.4 is vulnerable to Incorrect Access Control via modules/salesbooster/downloads/download.php.

Affected configurations

NVD

Node

webbaxsalesboosterRange<1.10.5prestashop

CPENameOperatorVersion
webbax:salesboosterwebbax salesboosterlt1.10.5

CPE	Name	Operator	Version
webbax:salesbooster	webbax salesbooster	lt	1.10.5

References

friends-of-presta.github.io/security-advisories/modules/2023/05/22/salesbooster.html

github.com/PrestaShop/PrestaShop/blob/6c05518b807d014ee8edb811041e3de232520c28/classes/Tools.php#L1247

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

42.4%

JSON

Related for CVE-2023-30196

cvelist1 nvd1 prion1