CVE-2023-39651

{"id": "CVE-2023-39651", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2023-10-03T22:15:10.417", "references": [{"url": "https://security.friendsofpresta.org/modules/2023/09/26/tvcmsbrandlist.html", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://security.friendsofpresta.org/modules/2023/09/26/tvcmsbrandlist.html", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "Improper neutralization of SQL parameter in Theme Volty CMS BrandList module for PrestaShop In the module \u201cTheme Volty CMS BrandList\u201d (tvcmsbrandlist) up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions."}, {"lang": "es", "value": "Neutralizaci\u00f3n incorrecta del par\u00e1metro SQL en el m\u00f3dulo Theme Volty CMS BrandList para PrestaShop En el m\u00f3dulo \u201cTheme Volty CMS BrandList\u201d (tvcmsbrandlist) hasta la versi\u00f3n 4.0.1 de Theme Volty para PrestaShop, un invitado puede realizar inyecci\u00f3n SQL en las versiones afectadas."}], "lastModified": "2024-11-21T08:15:45.840", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:themevolty:theme_volty_cms_brandlist:*:*:*:*:*:prestashop:*:*", "vulnerable": true, "matchCriteriaId": "151466AF-5B3C-45D4-9853-BF7226879E0B", "versionEndIncluding": "4.0.1"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}