Lucene search

[email protected]NVD:CVE-2023-39524

HistoryAug 07, 2023 - 8:15 p.m.

CVE-2023-39524

2023-08-0720:15:10

CWE-89

[email protected]

web.nvd.nist.gov

prestashop

e-commerce

sql injection

vulnerability

patch

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

33.0%

JSON

PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, SQL injection possible in the product search field, in BO’s product page. Version 8.1.1 contains a patch for this issue. There are no known workarounds.

Affected configurations

NVD

Node

prestashopprestashopRange<8.1.1

References

github.com/PrestaShop/PrestaShop/commit/2047d4c053043102bc46a37d383b392704bf14d7

github.com/PrestaShop/PrestaShop/security/advisories/GHSA-75p5-jwx4-qw9h

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

33.0%

JSON

Related for NVD:CVE-2023-39524

veracode1 osv3 cve1 prion1 github1 cvelist1