CVE-2023-50026

{"id": "CVE-2023-50026", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2024-02-09T08:15:08.460", "references": [{"url": "https://security.friendsofpresta.org/modules/2024/02/08/hsmultiaccessoriespro.html", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "SQL injection vulnerability in Presta Monster \"Multi Accessories Pro\" (hsmultiaccessoriespro) module for PrestaShop versions 5.1.1 and before, allows remote attackers to escalate privileges and obtain sensitive information via the method HsAccessoriesGroupProductAbstract::getAccessoriesByIdProducts()."}, {"lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL en el m\u00f3dulo Presta Monster \"Multi Accessories Pro\" (hsmultiaccessoriespro) para PrestaShop versiones 5.1.1 y anteriores, permite a atacantes remotos escalar privilegios y obtener informaci\u00f3n confidencial a trav\u00e9s del m\u00e9todo HsAccessoriesGroupProductAbstract::getAccessoriesByIdProducts()."}], "lastModified": "2024-06-07T14:12:14.943", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:prestamonster:multi_accessories_pro:*:*:*:*:*:prestashop:*:*", "vulnerable": true, "matchCriteriaId": "BCD2D724-CE66-49E3-9FBD-81BD076E654C", "versionEndExcluding": "5.3.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}