Lucene search

MitreCVE-2024-33274

HistoryApr 30, 2024 - 3:15 p.m.

CVE-2024-33274

2024-04-3015:15:53

CWE-22

mitre

web.nvd.nist.gov

cve-2024-33274

remote attacker

sensitive information

custom checkout fields

add custom fields

ajax.php

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

6.3

Confidence

Low

EPSS

Percentile

11.1%

JSON

Directory Traversal vulnerability in FME Modules customfields v.2.2.7 and before allows a remote attacker to obtain sensitive information via the Custom Checkout Fields, Add Custom Fields to Checkout parameter of the ajax.php

References

addons.prestashop.com/en/registration-ordering-process/19008-custom-checkout-fields-add-custom-fields-to-checkout.html

security.friendsofpresta.org/modules/2024/04/29/customfields.html

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

6.3

Confidence

Low

EPSS

Percentile

11.1%

JSON

Related for CVE-2024-33274