CVE-2023-47110

EUVD-2023-3061
blockreassurance adds an information block aimed at offering helpful information to reassure customers that their store is trustworthy. An ajax function in module blockreassurance allows modifying any value in the configuration table. This vulnerability has been patched in version 5.1.4.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.1 CRITICAL
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H
GitHub_MCNA
9.1 CRITICAL
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 32%
Affected Products (NVD)
VendorProductVersion
prestashopcustomer_reassurance_block
𝑥
< 5.1.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/PrestaShop/blockreassurance/security/advisories/GHSA-xfm3-hjcc-gv78
https://github.com/PrestaShop/blockreassurance/security/advisories/GHSA-xfm3-hjcc-gv78