mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 01:02:25 +00:00
90 lines
2.8 KiB
JSON
90 lines
2.8 KiB
JSON
{
|
|
"id": "CVE-2023-39646",
|
|
"sourceIdentifier": "cve@mitre.org",
|
|
"published": "2023-10-03T22:15:10.263",
|
|
"lastModified": "2024-11-21T08:15:45.073",
|
|
"vulnStatus": "Modified",
|
|
"cveTags": [],
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "Improper neutralization of SQL parameter in Theme Volty CMS Category Chain Slider module for PrestaShop. In the module \u201cTheme Volty CMS Category Chain Slide\"(tvcmscategorychainslider) up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Neutralizaci\u00f3n incorrecta del par\u00e1metro SQL en el m\u00f3dulo Theme Volty CMS Category Chain Slider para PrestaShop. En el m\u00f3dulo \u201cTheme Volty CMS Category Chain Slide\"(tvcmscategorychainslider) hasta la versi\u00f3n 4.0.1 de Theme Volty para PrestaShop, un invitado puede realizar una inyecci\u00f3n SQL en las versiones afectadas."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
|
"baseScore": 9.8,
|
|
"baseSeverity": "CRITICAL",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "HIGH",
|
|
"availabilityImpact": "HIGH"
|
|
},
|
|
"exploitabilityScore": 3.9,
|
|
"impactScore": 5.9
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-89"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:themevolty:theme_volty_cms_category_chain_slider:*:*:*:*:*:prestashop:*:*",
|
|
"versionEndIncluding": "4.0.1",
|
|
"matchCriteriaId": "8A6AFB97-72A9-41B7-8372-7F049F9DE040"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "https://security.friendsofpresta.org/modules/2023/09/26/tvcmscategorychainslider.html",
|
|
"source": "cve@mitre.org",
|
|
"tags": [
|
|
"Patch",
|
|
"Third Party Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://security.friendsofpresta.org/modules/2023/09/26/tvcmscategorychainslider.html",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Patch",
|
|
"Third Party Advisory"
|
|
]
|
|
}
|
|
]
|
|
} |