GitHub Advisory DatabaseGHSA-XFM3-HJCC-GV78Any value can be changed in the configuration table by an employee having access to block reassurance module
9.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H
7 High
AI Score
Confidence
Low
0.0005 Low
EPSS
Percentile
17.0%
Impact
An ajax function in module blockreassurance allows modifying any value in the configuration table
Patches
v5.1.4
Workarounds
no workaround available
References
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| prestashop/blockreassurance | le | 5.1.3 |
References
github.com/advisories/GHSA-xfm3-hjcc-gv78
github.com/PrestaShop/blockreassurance/commit/0a74bf1ebb907eef39e235a3a6dca0c28ed3ad23
github.com/PrestaShop/blockreassurance/releases/tag/v5.1.4
github.com/PrestaShop/blockreassurance/security/advisories/GHSA-xfm3-hjcc-gv78
nvd.nist.gov/vuln/detail/CVE-2023-47110
Related
9.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H
7 High
AI Score
Confidence
Low
0.0005 Low
EPSS
Percentile
17.0%