Lucene search

[email protected]NVD:CVE-2023-27032

HistoryApr 12, 2023 - 2:15 p.m.

CVE-2023-27032

2023-04-1214:15:07

CWE-89

[email protected]

web.nvd.nist.gov

prestashop

advancedpopupcreator

sql injection

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.018

Percentile

88.3%

JSON

Prestashop advancedpopupcreator v1.1.21 to v1.1.24 was discovered to contain a SQL injection vulnerability via the component AdvancedPopup::getPopups().

Affected configurations

Nvd

Node

idnovatepopup_module_\(on_entering\,_exit_popup\,_add_product\)_and_newsletterRange1.1.21–1.1.25prestashop

VendorProductVersionCPE
idnovatepopup_module_\(on_entering\,_exit_popup\,_add_product\)_and_newsletter*cpe:2.3:a:idnovate:popup_module_\(on_entering\,_exit_popup\,_add_product\)_and_newsletter:*:*:*:*:*:prestashop:*:*

Vendor	Product	Version	CPE
idnovate	popup_module_\(on_entering\,_exit_popup\,_add_product\)_and_newsletter	*	cpe:2.3:a:idnovate:popup_module_\(on_entering\,_exit_popup\,_add_product\)_and_newsletter::::::prestashop::*

References

addons.prestashop.com/en/pop-up/23773-popup-on-entry-exit-popup-add-product-and-newsletter.html

friends-of-presta.github.io/security-advisories/modules/2023/04/11/advancedpopupcreator.html

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.018

Percentile

88.3%

JSON

Related for NVD:CVE-2023-27032

prion1 cvelist1 cve1 nuclei1