Any value can be changed in the configuration table by an employee having access to block reassurance module
CVE-2023-47110

9.1CRITICAL

Key Information:

Vendor: Prestashop
Status: Blockreassurance
Vendor: CVE Published:; 9 November 2023

What is CVE-2023-47110?

The blockreassurance module in PrestaShop facilitates the display of trust signals to customers. However, it contains a security flaw that allows for unauthorized modification of configuration values through an AJAX function. This vulnerability presents a risk of altering critical store settings, which may compromise user trust. The issue has been rectified in version 5.1.4, underscoring the importance of maintaining updated software to ensure security integrity.

Affected Version(s)

blockreassurance <= 5.1.3

References

https://github.com/PrestaShop/blockreassurance/security/a...

x_refsource_CONFIRM

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 9, 2023
Vulnerability Reserved
Oct 30, 2023

Prestashop

What is CVE-2023-47110?

Affected Version(s)

References

CVSS V3.1

Timeline