Lucene search

K
cveMitreCVE-2023-43985
HistoryJan 19, 2024 - 2:15 p.m.

CVE-2023-43985

2024-01-1914:15:12
CWE-89
mitre
web.nvd.nist.gov
11
cve-2023-43985
sunnytoo
stblogsearch
v1.0.0
sql injection
vulnerability
nvd

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

33.0%

SunnyToo stblogsearch up to v1.0.0 was discovered to contain a SQL injection vulnerability via the StBlogSearchClass::prepareSearch component.

Affected configurations

Nvd
Node
sunnytoostblogsearchRange1.0.0prestashop
VendorProductVersionCPE
sunnytoostblogsearch*cpe:2.3:a:sunnytoo:stblogsearch:*:*:*:*:*:prestashop:*:*

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

33.0%

Related for CVE-2023-43985