17 matches found
EUVD-2023-2915
Malicious code in bioql PyPI...
CVE-2023-47110
blockreassurance adds an information block aimed at offering helpful information to reassure customers that their store is trustworthy. An ajax function in module blockreassurance allows modifying any value in the configuration table. This vulnerability has been patched in version 5.1.4...
Improper Access Control
Prestashop/blockreassurance is vulnerable to Improper Access Control. This vulnerability exists due to the lack of configuration key checks in the ajax function of the blockreassurance module , allowing an attacker to modify sensitive information in the system...
CVE-2023-47110 Any value can be changed in the configuration table by an employee having access to block reassurance module
blockreassurance adds an information block aimed at offering helpful information to reassure customers that their store is trustworthy. An ajax function in module blockreassurance allows modifying any value in the configuration table. This vulnerability has been patched in version 5.1.4...
CVE-2023-47110
CVE-2023-47110 affects PrestaShop blockreassurance; an ajax function in the module allows modifying any value in the configuration table. This is the underlying issue described across multiple sources; patched in version 5.1.4.
PrestaShop blockreassurance security breach
PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides multiple payment methods, short message alerts and product image zoom. A security vulnerability exists in PrestaShop blockreassurance version 5.1.3 and earlier versions, which stems...
PT-2023-30315 · Unknown · Blockreassurance
Name of the Vulnerable Software and Affected Versions: blockreassurance versions prior to 5.1.4 Description: The issue concerns an AJAX function in the blockreassurance module that allows modification of any value in the configuration table, potentially compromising the trustworthiness of a store...
CVE-2023-47109
PrestaShop blockreassurance adds an information block aimed at offering helpful information to reassure customers that the store is trustworthy. When adding a block in blockreassurance module, a BO user can modify the http request and give the path of any file in the project instead of an image...
Path traversal
PrestaShop blockreassurance adds an information block aimed at offering helpful information to reassure customers that the store is trustworthy. When adding a block in blockreassurance module, a BO user can modify the http request and give the path of any file in the project instead of an image...
CVE-2023-47109 PrestaShop blockreassurance BO User can remove any file from server when adding a and deleting a block
PrestaShop blockreassurance adds an information block aimed at offering helpful information to reassure customers that the store is trustworthy. When adding a block in blockreassurance module, a BO user can modify the http request and give the path of any file in the project instead of an image...
CVE-2023-47109 PrestaShop blockreassurance BO User can remove any file from server when adding a and deleting a block
PrestaShop blockreassurance adds an information block aimed at offering helpful information to reassure customers that the store is trustworthy. When adding a block in blockreassurance module, a BO user can modify the http request and give the path of any file in the project instead of an image...
CVE-2023-47109
CVE-2023-47109 concerns PrestaShop blockreassurance. The vulnerability allows a business-operator (BO) user to modify the HTTP request during block creation and supply a file path in the project instead of an image. When the block is deleted, the referenced file is removed, and the attack may ena...
CVE-2023-47109 PrestaShop blockreassurance BO User can remove any file from server when adding a and deleting a block
PrestaShop blockreassurance adds an information block aimed at offering helpful information to reassure customers that the store is trustworthy. When adding a block in blockreassurance module, a BO user can modify the http request and give the path of any file in the project instead of an image...
PrestaShop blockreassurance BO User can remove any file from server when adding a and deleting a block
Impact When adding a block in blockreassurance module, a BO user can modify the http request and give the path of any file in the project instead of an image. When deleting the block from the BO, the file will be deleted. It is possible to make the website completely unavailable by removing...
GHSA-83J2-QHX2-P7JC PrestaShop blockreassurance BO User can remove any file from server when adding a and deleting a block
Impact When adding a block in blockreassurance module, a BO user can modify the http request and give the path of any file in the project instead of an image. When deleting the block from the BO, the file will be deleted. It is possible to make the website completely unavailable by removing...
PrestaShop Authorization Issues Vulnerability
PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides multiple payment methods, short message alerts, and product image scaling. An authorization issue vulnerability exists in PrestaShop blockreassurance versions prior to 5.1.4. The...
PT-2023-30314 · Unknown · Prestashop
Name of the Vulnerable Software and Affected Versions: PrestaShop versions prior to 5.1.4 Description: The issue affects the blockreassurance module in PrestaShop, which is designed to offer helpful information to reassure customers about the store's trustworthiness. A back-office BO user can...