Lucene search

[email protected]CVE-2023-39524

HistoryAug 07, 2023 - 8:15 p.m.

CVE-2023-39524

2023-08-0720:15:10

CWE-89

[email protected]

web.nvd.nist.gov

prestashop

e-commerce

web application

sql injection

vulnerability

product search

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

32.3%

JSON

PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, SQL injection possible in the product search field, in BO’s product page. Version 8.1.1 contains a patch for this issue. There are no known workarounds.

VendorProductVersionCPE
prestashopprestashop*cpe:2.3:a:prestashop:prestashop:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
prestashop	prestashop	*	cpe:2.3:a:prestashop:prestashop::::::::

References

github.com/PrestaShop/PrestaShop/commit/2047d4c053043102bc46a37d383b392704bf14d7

github.com/PrestaShop/PrestaShop/security/advisories/GHSA-75p5-jwx4-qw9h

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

32.3%

JSON

Related for CVE-2023-39524

veracode1 osv3 prion1 cvelist1 github1