GitHub_MCVELIST:CVE-2023-47110CVE-2023-47110 Any value can be changed in the configuration table by an employee having access to block reassurance module
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H
AI Score
Confidence
High
EPSS
Percentile
17.0%
blockreassurance adds an information block aimed at offering helpful information to reassure customers that their store is trustworthy. An ajax function in module blockreassurance allows modifying any value in the configuration table. This vulnerability has been patched in version 5.1.4.
CNA Affected
[
{
"vendor": "PrestaShop",
"product": "blockreassurance",
"versions": [
{
"version": "<= 5.1.3",
"status": "affected"
}
]
}
]Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H
AI Score
Confidence
High
EPSS
Percentile
17.0%