Vulnerability Details CVE-2023-43986
DM Concept configurator before v4.9.4 was discovered to contain a SQL injection vulnerability via the component ConfiguratorAttachment::getAttachmentByToken.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 34.6%
CVSS Severity
CVSS v3 Score 9.8
References
- https://addons.prestashop.com/fr/declinaisons-personnalisation/20343-configurateur-avance-de-produit-sur-mesure-par-etape.html
- https://security.friendsofpresta.org/modules/2023/10/19/configurator.html
- https://addons.prestashop.com/fr/declinaisons-personnalisation/20343-configurateur-avance-de-produit-sur-mesure-par-etape.html
- https://security.friendsofpresta.org/modules/2023/10/19/configurator.html
Products affected by CVE-2023-43986
-
cpe:2.3:a:dmconcept:configurator:-
-
cpe:2.3:a:dmconcept:configurator:4.9.3