Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-47109

PrestaShop blockreassurance adds an information block aimed at offering helpful information to reassure customers that the store is trustworthy. When adding a block in blockreassurance module, a BO user can modify the http request and give the path of any file in the project instead of an image. When deleting the block from the BO, the file will be deleted. It is possible to make the website completely unavailable by removing index.php for example. This issue has been patched in version 5.1.4.

Published

2023-11-08T22:15:10.423

Last Modified

2024-11-21T08:29:47.733

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.5 (MEDIUM)

Weaknesses

Type: Secondary
CWE-285
Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	prestashop	customer_reassurance_block	< 5.1.4	Yes

References

https://github.com/PrestaShop/blockreassurance/commit/2d0e97bebf795690caffe33c1ab23a9bf43fcdfa Patch ([email protected])
https://github.com/PrestaShop/blockreassurance/commit/eec00da564db4c1804b0a0d1e3d9f7ec4e27d823 Patch ([email protected])
https://github.com/PrestaShop/blockreassurance/releases/tag/v5.1.4 Release Notes ([email protected])
https://github.com/PrestaShop/blockreassurance/security/advisories/GHSA-83j2-qhx2-p7jc Vendor Advisory ([email protected])
https://github.com/PrestaShop/blockreassurance/commit/2d0e97bebf795690caffe33c1ab23a9bf43fcdfa Patch (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/PrestaShop/blockreassurance/commit/eec00da564db4c1804b0a0d1e3d9f7ec4e27d823 Patch (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/PrestaShop/blockreassurance/releases/tag/v5.1.4 Release Notes (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/PrestaShop/blockreassurance/security/advisories/GHSA-83j2-qhx2-p7jc Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)