Vulnerability Details CVE-2023-27033
Prestashop cdesigner v3.1.3 to v3.1.8 was discovered to contain a code injection vulnerability via the component CdesignerSaverotateModuleFrontController::initContent().
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 28.2%
CVSS Severity
CVSS v3 Score 9.8
References
- https://addons.prestashop.com/fr/declinaisons-personnalisation/22677-personnalisation-de-produit-product-customize.html
- https://friends-of-presta.github.io/security-advisories/modules/2023/04/06/cdesigner-CWE434.html
- https://addons.prestashop.com/fr/declinaisons-personnalisation/22677-personnalisation-de-produit-product-customize.html
- https://friends-of-presta.github.io/security-advisories/modules/2023/04/06/cdesigner-CWE434.html
Products affected by CVE-2023-27033
-
cpe:2.3:a:cdesigner_project:cdesigner:3.1.3
-
cpe:2.3:a:cdesigner_project:cdesigner:3.2.1