CVE-2023-47110 CRITICAL

CVE-2023-47110: Any value can be changed in the configuration table by an employee having access to block reassurance module

Vendor Prestashop

Product blockreassurance

Weakness CWE-284

Published November 9, 2023

Last update September 4, 2024

View on NVD All CVEs

CVSS base score

9.1/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H

What the vulnerability does

01Description

blockreassurance adds an information block aimed at offering helpful information to reassure customers that their store is trustworthy. An ajax function in module blockreassurance allows modifying any value in the configuration table. This vulnerability has been patched in version 5.1.4.

Key dates

02Disclosure timeline

November 9, 2023 CVE published

September 4, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-47110 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/284.html

Related vulnerabilities

CVE-2023-47110: Any value can be changed in the configuration table by an employee having access to block reassurance module

01Description

02Disclosure timeline

03References

04Related CVE