Home > Vulnerability Database > CVE-2023-47109

Mend.io Vulnerability Database

CVE-2023-47109

Good to know:

Date: November 8, 2023

PrestaShop blockreassurance adds an information block aimed at offering helpful information to reassure customers that the store is trustworthy. When adding a block in blockreassurance module, a BO user can modify the http request and give the path of any file in the project instead of an image. When deleting the block from the BO, the file will be deleted. It is possible to make the website completely unavailable by removing index.php for example. This issue has been patched in version 5.1.4.

Language: PHP

Severity Score

5.5

Related Resources (7)

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-47109

Url: https://github.com/PrestaShop/blockreassurance/commit/eec00da564db4c1804b0a0d1e3d9f7ec4e27d823

Url: https://github.com/PrestaShop/blockreassurance/releases/tag/v5.1.4

Url: https://github.com/PrestaShop/blockreassurance/security/advisories/GHSA-83j2-qhx2-p7jc

Url: https://github.com/PrestaShop/blockreassurance

Url: https://github.com/PrestaShop/blockreassurance/commit/2d0e97bebf795690caffe33c1ab23a9bf43fcdfa

Url: https://www.mend.io/vulnerability-database/CVE-2023-47109

Severity Score

5.5

Weakness Type (CWE)

Improper Authorization

CWE-285

Insufficient Information

NVD-CWE-noinfo

Top Fix

Upgrade Version

Upgrade to version v5.1.4

Learn More

CVSS v3.1

Base Score:	5.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-47109

Good to know:

Date: November 8, 2023

Language: PHP

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?