CVE-2023-47109

2023-11-0822:15:10

CWE-285

[email protected]

web.nvd.nist.gov

prestashop

blockreassurance

unauthorized access

file deletion

website unavailability

cve-2023-47109

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

7.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.1%

JSON

PrestaShop blockreassurance adds an information block aimed at offering helpful information to reassure customers that the store is trustworthy. When adding a block in blockreassurance module, a BO user can modify the http request and give the path of any file in the project instead of an image. When deleting the block from the BO, the file will be deleted. It is possible to make the website completely unavailable by removing index.php for example. This issue has been patched in version 5.1.4.

Affected configurations

Vulners

NVD

Node

prestashopprestashopRange≤5.1.3

VendorProductVersionCPE
prestashopprestashop*cpe:2.3:a:prestashop:prestashop:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
prestashop	prestashop	*	cpe:2.3:a:prestashop:prestashop::::::::

CNA Affected

[
  {
    "vendor": "PrestaShop",
    "product": "blockreassurance",
    "versions": [
      {
        "version": "<= 5.1.3",
        "status": "affected"
      }
    ]
  }
]