TROYANOSYVIRUS
Retour aux CVEs

CVE-2023-50026

CRITICAL
9.8

Description

SQL injection vulnerability in Presta Monster "Multi Accessories Pro" (hsmultiaccessoriespro) module for PrestaShop versions 5.1.1 and before, allows remote attackers to escalate privileges and obtain sensitive information via the method HsAccessoriesGroupProductAbstract::getAccessoriesByIdProducts().

Details CVE

Score CVSS v3.19.8
SeveriteCRITICAL
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurNONE
Publie2/9/2024
Derniere modification5/15/2025
Sourcenvd
Observations honeypot0

Produits affectes

prestamonster:multi_accessories_pro

Faiblesses (CWE)

CWE-89CWE-89

References

https://security.friendsofpresta.org/modules/2024/02/08/hsmultiaccessoriespro.html(cve@mitre.org)
https://security.friendsofpresta.org/modules/2024/02/08/hsmultiaccessoriespro.html(af854a3a-2127-422b-91ae-364da2661108)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.