Update CVE-2023-39650.yaml

2024-09-19 12:22:48 +04:00 · 2024-09-19 12:22:48 +04:00 · f42e20e723
parent 54817fd3fc
commit f42e20e723
1 changed files with 27 additions and 0 deletions
--- a/http/cves/2023/CVE-2023-39650.yaml
+++ b/http/cves/2023/CVE-2023-39650.yaml
@ -1,3 +1,30 @@
+id: CVE-2023-39650
+
+info:
+  name: PrestaShop Theme Volty CMS Blog - SQL Injection
+  author: mastercho
+  severity: critical
+  description: |
+    In the module 'Theme Volty CMS Blog' (tvcmsblog) up to versions 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions.
+  impact: |
+    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized accessand data leakage.
+  reference:
+    - https://security.friendsofpresta.org/modules/2023/08/24/tvcmsblog.html
+    - https://nvd.nist.gov/vuln/detail/CVE-2023-39650
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 9.8
+    cve-id: CVE-2023-39650
+    cwe-id: CWE-89
+    epss-score: 0.04685
+    epss-percentile: 0.91818
+  metadata:
+    max-request: 1
+    verified: true
+    framework: prestashop
+    shodan-query: html:"/tvcmsblog"
+  tags: cve,cve2023,prestashop,sqli,tvcmsblog
+
 http:
  - raw:
      - |