Lucene search

[email protected]NVD:CVE-2024-28396

HistoryMar 20, 2024 - 2:15 p.m.

CVE-2024-28396

2024-03-2014:15:08

CWE-94

[email protected]

web.nvd.nist.gov

cve-2024-28396

remote attacker

arbitrary code execution

download.php component

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.6

Confidence

High

EPSS

Percentile

9.0%

JSON

An issue in MyPrestaModules ordersexport v.6.0.2 and before allows a remote attacker to execute arbitrary code via the download.php component.

References

addons.prestashop.com/en/data-import-export/17596-orders-csv-excel-export-pro.html

security.friendsofpresta.org/modules/2024/03/14/ordersexport.html

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.6

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for NVD:CVE-2024-28396

vulnrichment1 cvelist1 cve1