CVE-2023-50027 - OpenCVE

SQL Injection vulnerability in Buy Addons baproductzoommagnifier module for PrestaShop versions 1.0.16 and before, allows remote attackers to escalate privileges and gain sensitive information via BaproductzoommagnifierZoomModuleFrontController::run() method.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Buy-addons	Bazoom Magnifier

Configuration 1 [-]

cpe:2.3:a:buy-addons:bazoom_magnifier:*:*:*:*:*:prestashop:*:*

References

Link	Resource
https://security.friendsofpresta.org/modules/2023/12/19/baproductzoommagnifier.html	Exploit Patch Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2024-01-05T00:00:00

Updated: 2024-01-05T09:09:23.702900

Reserved: 2023-12-04T00:00:00

Link: CVE-2023-50027

JSON object: View

NVD Information

Status : Analyzed

Published: 2024-01-05T09:15:08.743

Modified: 2024-01-11T14:26:14.217

Link: CVE-2023-50027

JSON object: View

Redhat Information

No data.

CWE

CWE-89