CVE-2023-47109

PrestaShop blockreassurance adds an information block aimed at offering helpful information to reassure customers that the store is trustworthy. When adding a block in blockreassurance module, a BO user can modify the http request and give the path of any file in the project instead of an image. When deleting the block from the BO, the file will be deleted. It is possible to make the website completely unavailable by removing index.php for example. This issue has been patched in version 5.1.4.
Configurations

Configuration 1 (hide)

cpe:2.3:a:prestashop:customer_reassurance_block:*:*:*:*:*:prestashop:*:*

History

21 Nov 2024, 08:29

Type Values Removed Values Added
New CVE

Information

Published : 2023-11-08 22:15

Updated : 2024-11-21 08:29


NVD link : CVE-2023-47109

Mitre link : CVE-2023-47109

CVE.ORG link : CVE-2023-47109


JSON object : View

Products Affected

prestashop

  • customer_reassurance_block
CWE
CWE-285

Improper Authorization

NVD-CWE-noinfo