Lucene search

[email protected]NVD:CVE-2024-33275

HistoryApr 30, 2024 - 3:15 p.m.

CVE-2024-33275

2024-04-3015:15:53

CWE-89

[email protected]

web.nvd.nist.gov

cve-2024-33275

sql injection

webbax supernewsletter

remote attacker

privilege escalation

product_search.php

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.8

Confidence

Low

EPSS

Percentile

9.0%

JSON

SQL injection vulnerability in Webbax supernewsletter v.1.4.21 and before allows a remote attacker to escalate privileges via the Super Newsletter module in the product_search.php components.

References

security.friendsofpresta.org/modules/2024/04/29/supernewsletter.html

www.webbax.ch/2017/08/30/9-modules-prestashop-gratuits-offert-par-webbax/

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.8

Confidence

Low

EPSS

Percentile

9.0%

JSON

Related for NVD:CVE-2024-33275

cve1 vulnrichment1 cvelist1