TROYANOSYVIRUS
Zuruck zu CVEs

CVE-2024-24303

CRITICAL
9.8

Beschreibung

SQL Injection vulnerability in HiPresta "Gift Wrapping Pro" (hiadvancedgiftwrapping) module for PrestaShop before version 1.4.1, allows remote attackers to escalate privileges and obtain sensitive information via the HiAdvancedGiftWrappingGiftWrappingModuleFrontController::addGiftWrappingCartValue() method.

CVE Details

CVSS v3.1 Bewertung9.8
SchweregradCRITICAL
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht2/7/2024
Zuletzt geandert11/21/2024
Quellenvd
Honeypot-Sichtungen0

Betroffene Produkte

hipresta:gift_wrapping_pro

Schwachen (CWE)

CWE-89CWE-89

Referenzen

https://security.friendsofpresta.org/modules/2024/02/06/hiadvancedgiftwrapping.html(cve@mitre.org)
https://security.friendsofpresta.org/modules/2024/02/06/hiadvancedgiftwrapping.html(af854a3a-2127-422b-91ae-364da2661108)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.