Lucene search

MitreCVE-2024-28396

HistoryMar 20, 2024 - 2:15 p.m.

CVE-2024-28396

2024-03-2014:15:08

CWE-94

mitre

web.nvd.nist.gov

myprestamodules

ordersexport

cve-2024-28396

remote code execution

download.php

nvd

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.9

Confidence

Low

EPSS

Percentile

9.0%

JSON

An issue in MyPrestaModules ordersexport v.6.0.2 and before allows a remote attacker to execute arbitrary code via the download.php component.

References

addons.prestashop.com/en/data-import-export/17596-orders-csv-excel-export-pro.html

security.friendsofpresta.org/modules/2024/03/14/ordersexport.html

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.9

Confidence

Low

EPSS

Percentile

9.0%

JSON

Related for CVE-2024-28396