CVE-2023-47109

PrestaShop blockreassurance adds an information block aimed at offering helpful information to reassure customers that the store is trustworthy. When adding a block in blockreassurance module, a BO user can modify the http request and give the path of any file in the project instead of an image. When deleting the block from the BO, the file will be deleted. It is possible to make the website completely unavailable by removing index.php for example. This issue has been patched in version 5.1.4.
Configurations

Configuration 1 (hide)

cpe:2.3:a:prestashop:customer_reassurance_block:*:*:*:*:*:prestashop:*:*

History

21 Nov 2024, 08:29

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 8.1
v2 : unknown
v3 : 5.5
References () https://github.com/PrestaShop/blockreassurance/commit/2d0e97bebf795690caffe33c1ab23a9bf43fcdfa - Patch () https://github.com/PrestaShop/blockreassurance/commit/2d0e97bebf795690caffe33c1ab23a9bf43fcdfa - Patch
References () https://github.com/PrestaShop/blockreassurance/commit/eec00da564db4c1804b0a0d1e3d9f7ec4e27d823 - Patch () https://github.com/PrestaShop/blockreassurance/commit/eec00da564db4c1804b0a0d1e3d9f7ec4e27d823 - Patch
References () https://github.com/PrestaShop/blockreassurance/releases/tag/v5.1.4 - Release Notes () https://github.com/PrestaShop/blockreassurance/releases/tag/v5.1.4 - Release Notes
References () https://github.com/PrestaShop/blockreassurance/security/advisories/GHSA-83j2-qhx2-p7jc - Vendor Advisory () https://github.com/PrestaShop/blockreassurance/security/advisories/GHSA-83j2-qhx2-p7jc - Vendor Advisory

16 Nov 2023, 17:34

Type Values Removed Values Added
CWE NVD-CWE-noinfo
First Time Prestashop customer Reassurance Block
Prestashop
References () https://github.com/PrestaShop/blockreassurance/commit/2d0e97bebf795690caffe33c1ab23a9bf43fcdfa - () https://github.com/PrestaShop/blockreassurance/commit/2d0e97bebf795690caffe33c1ab23a9bf43fcdfa - Patch
References () https://github.com/PrestaShop/blockreassurance/security/advisories/GHSA-83j2-qhx2-p7jc - () https://github.com/PrestaShop/blockreassurance/security/advisories/GHSA-83j2-qhx2-p7jc - Vendor Advisory
References () https://github.com/PrestaShop/blockreassurance/releases/tag/v5.1.4 - () https://github.com/PrestaShop/blockreassurance/releases/tag/v5.1.4 - Release Notes
References () https://github.com/PrestaShop/blockreassurance/commit/eec00da564db4c1804b0a0d1e3d9f7ec4e27d823 - () https://github.com/PrestaShop/blockreassurance/commit/eec00da564db4c1804b0a0d1e3d9f7ec4e27d823 - Patch
CPE cpe:2.3:a:prestashop:customer_reassurance_block:*:*:*:*:*:prestashop:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.1

08 Nov 2023, 22:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-11-08 22:15

Updated : 2024-11-21 08:29


NVD link : CVE-2023-47109

Mitre link : CVE-2023-47109

CVE.ORG link : CVE-2023-47109


JSON object : View

Products Affected

prestashop

  • customer_reassurance_block
CWE
CWE-285

Improper Authorization

NVD-CWE-noinfo