Vulnerabilities > CVE-2023-47109 - Unspecified vulnerability in Prestashop Customer Reassurance Block

CVSS 8.1 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

prestashop

NVD

Published: 2023-11-08

Updated: 2023-11-16

Summary

PrestaShop blockreassurance adds an information block aimed at offering helpful information to reassure customers that the store is trustworthy. When adding a block in blockreassurance module, a BO user can modify the http request and give the path of any file in the project instead of an image. When deleting the block from the BO, the file will be deleted. It is possible to make the website completely unavailable by removing index.php for example. This issue has been patched in version 5.1.4.

Vulnerable Configurations

Part	Description	Count
Application	Prestashop Prestashop Customer Reassurance Block - Prestashop Customer Reassurance Block 1.0.1 Prestashop Customer Reassurance Block 1.0.5 Prestashop Customer Reassurance Block 1.0.6 Prestashop Customer Reassurance Block 2.0.0 Prestashop Customer Reassurance Block 2.0.1 Prestashop Customer Reassurance Block 2.0.2 Prestashop Customer Reassurance Block 2.0.3 Prestashop Customer Reassurance Block 3.0.0 Prestashop Customer Reassurance Block 3.0.1 Prestashop Customer Reassurance Block 4.1.0 Prestashop Customer Reassurance Block 4.1.1 Prestashop Customer Reassurance Block 5.0.0 Prestashop Customer Reassurance Block 5.1.0 Prestashop Customer Reassurance Block 5.1.1 Prestashop Customer Reassurance Block 5.1.2 Prestashop Customer Reassurance Block 5.1.3	17

Summary

Vulnerable Configurations

References