GitHub_MCVELIST:CVE-2023-47110CVE-2023-47110 Any value can be changed in the configuration table by an employee having access to block reassurance module
9.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H
9.3 High
AI Score
Confidence
High
0.0005 Low
EPSS
Percentile
17.0%
blockreassurance adds an information block aimed at offering helpful information to reassure customers that their store is trustworthy. An ajax function in module blockreassurance allows modifying any value in the configuration table. This vulnerability has been patched in version 5.1.4.
CNA Affected
[
{
"vendor": "PrestaShop",
"product": "blockreassurance",
"versions": [
{
"version": "<= 5.1.3",
"status": "affected"
}
]
}
]Related
9.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H
9.3 High
AI Score
Confidence
High
0.0005 Low
EPSS
Percentile
17.0%