Lucene search

[email protected]CVE-2023-33664

HistoryJul 07, 2023 - 4:15 p.m.

CVE-2023-33664

2023-07-0716:15:09

CWE-89

[email protected]

web.nvd.nist.gov

cve-2023-33664

sql injection

web security

vulnerability

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

26.1%

JSON

ai-dev aicombinationsonfly before v0.3.1 was discovered to contain a SQL injection vulnerability via the component /includes/ajax.php.

Affected configurations

NVD

Node

ai-devdeclinaisons_a_la_voleeRange<0.3.1prestashop

CPENameOperatorVersion
ai-dev:declinaisons_a_la_voleeai-dev declinaisons a la voleelt0.3.1

CPE	Name	Operator	Version
ai-dev:declinaisons_a_la_volee	ai-dev declinaisons a la volee	lt	0.3.1

References

security.friendsofpresta.org/modules/2023/06/28/aicombinationsonfly.html

www.boutique.ai-dev.fr/en/ergonomie/61-combinations-on-fly.html

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

26.1%

JSON

Related for CVE-2023-33664

prion1 cvelist1 nvd1