CVE-2023-28839 - OpenCVE

Shoppingfeed PrestaShop is an add-on to the PrestaShop ecommerce platform to synchronize data. The module Shoppingfeed for PrestaShop is vulnerable to SQL injection between version 1.4.0 and 1.8.2 due to a lack of input sanitization. This issue has been addressed in version 1.8.3. Users are advised to upgrade. There are no known workarounds for this issue.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Shoppingfeed	Shoppingfeed

Configuration 1 [-]

cpe:2.3:a:shoppingfeed:shoppingfeed:*:*:*:*:*:prestashop:*:*

References

Link	Resource
https://github.com/shoppingflux/module-prestashop/pull/209	Patch
https://github.com/shoppingflux/module-prestashop/security/advisories/GHSA-vfmq-w777-qvcf	Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-04-18T20:44:55.733Z

Updated: 2023-04-18T20:44:55.733Z

Reserved: 2023-03-24T16:25:34.466Z

Link: CVE-2023-28839

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-04-18T21:15:09.247

Modified: 2023-04-27T20:21:36.517

Link: CVE-2023-28839

JSON object: View

Redhat Information

No data.

CWE

CWE-89

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:shoppingfeed:shoppingfeed:*:*:*:*:*:prestashop:*:*", "matchCriteriaId": "7F23E3CA-5801-4216-BB98-3A085CC73FA6", "versionEndExcluding": "1.8.3", "versionStartIncluding": "1.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Shoppingfeed PrestaShop is an add-on to the PrestaShop ecommerce platform to synchronize data. The module Shoppingfeed for PrestaShop is vulnerable to SQL injection between version 1.4.0 and 1.8.2 due to a lack of input sanitization. This issue has been addressed in version 1.8.3. Users are advised to upgrade. There are no known workarounds for this issue."}], "id": "CVE-2023-28839", "lastModified": "2023-04-27T20:21:36.517", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 9.4, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.5, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2023-04-18T21:15:09.247", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/shoppingflux/module-prestashop/pull/209"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://github.com/shoppingflux/module-prestashop/security/advisories/GHSA-vfmq-w777-qvcf"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "security-advisories@github.com", "type": "Primary"}]}