Veracode Vulnerability DatabaseVERACODE:44200Improper Authorization
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
22.1%
prestashop/blockreassurance is vulnerable to Improper Authorization. The vulnerability arises due to a lack of validation during an image file check. While adding a block, an attacker can potentially enter the path of any file in the project instead of the image. When deleting the block, the file will be deleted. It is possible to take down the website completely by deleting index.php.
References
github.com/advisories/GHSA-83j2-qhx2-p7jc
github.com/PrestaShop/blockreassurance/commit/2d0e97bebf795690caffe33c1ab23a9bf43fcdfa
github.com/PrestaShop/blockreassurance/commit/c593281c1ebb144e63ad3a7f822043ab19542442
github.com/PrestaShop/blockreassurance/commit/eec00da564db4c1804b0a0d1e3d9f7ec4e27d823
github.com/PrestaShop/blockreassurance/releases/tag/v5.1.4
github.com/PrestaShop/blockreassurance/security/advisories/GHSA-83j2-qhx2-p7jc
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
22.1%