CVE-2023-47109 PrestaShop blockreassurance 5.1.3 DTR + Unrestricted File Delete via BO
CVE-2023-47109 Published on November 8, 2023
PrestaShop blockreassurance: a BO user can remove any file from the server when adding and then deleting a block
PrestaShop blockreassurance adds an information block intended to reassure customers that the store is trustworthy. When adding a block in the blockreassurance module, a back office (BO) user can tamper with the HTTP request and supply the path of any file in the project instead of an uploaded image. When that block is later deleted from the BO, the referenced file is deleted with it. This is enough to make the website completely unavailable, for example by removing index.php. The issue has been patched in version 5.1.4.
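The bug class described above, as an added illustration that is not code from the blockreassurance module: a block's image path is taken from the request, stored, and unlinked when the block is deleted. The vulnerable delete trusts the stored path; the hardened delete accepts only a bare file name and requires its canonical path to sit inside the module's upload directory. The directory layout, file names and function names are assumptions made for this example; the script builds a throwaway shop root under the system temp directory so it runs stand-alone.

```php
<?php
// Added example, not the module's own code. Models an image path that is
// stored when a block is added and unlinked when the block is deleted.
declare(strict_types=1);

// Throwaway "shop root" (assumed layout) so the script is self-contained.
$shopRoot  = sys_get_temp_dir() . '/ps-demo-' . bin2hex(random_bytes(4));
$uploadDir = $shopRoot . '/modules/blockreassurance/views/img/reassurance';
mkdir($uploadDir, 0700, true);
file_put_contents($shopRoot . '/index.php', "<?php // front controller\n");
file_put_contents($uploadDir . '/icon-1.svg', '<svg/>');

// --- Vulnerable flow: deletes whatever path the BO user stored. ---
function vulnerableDeleteBlock(array $block): void
{
    // No check on where the stored path points: any readable file goes.
    if (is_file($block['image'])) {
        unlink($block['image']);
    }
}

// --- Hardened flow: only a plain file name inside the upload directory. ---
function resolveUploadPath(string $uploadDir, string $requested): ?string
{
    // Reject directories, absolute paths and traversal: the value must be
    // exactly its own basename.
    if ($requested === '' || basename($requested) !== $requested) {
        return null;
    }
    $base      = realpath($uploadDir);
    $candidate = realpath($uploadDir . '/' . $requested);
    if ($base === false || $candidate === false) {
        return null; // upload dir missing or file does not exist
    }
    // Canonical path must stay under the canonical upload directory; this
    // also catches a symlink dropped into the upload dir pointing outside.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $candidate;
}

function safeDeleteBlock(array $block, string $uploadDir): bool
{
    $path = resolveUploadPath($uploadDir, $block['image']);
    if ($path === null) {
        return false; // refused; a real module should also log the attempt
    }
    return unlink($path);
}

// Tampered request: the "image" field points at the front controller.
$tampered = ['image' => $shopRoot . '/index.php'];
vulnerableDeleteBlock($tampered);
echo 'after vulnerable delete, index.php exists: ',
    var_export(file_exists($shopRoot . '/index.php'), true), PHP_EOL;

// Restore the file and replay the same tampering against the hardened delete.
file_put_contents($shopRoot . '/index.php', "<?php // front controller\n");
foreach (['../../../../../index.php', $shopRoot . '/index.php'] as $evil) {
    echo 'hardened delete of ', $evil, ' accepted: ',
        var_export(safeDeleteBlock(['image' => $evil], $uploadDir), true), PHP_EOL;
}
echo 'after hardened deletes, index.php exists: ',
    var_export(file_exists($shopRoot . '/index.php'), true), PHP_EOL;

// A legitimate upload referenced by bare file name is still removed.
echo 'hardened delete of icon-1.svg accepted: ',
    var_export(safeDeleteBlock(['image' => 'icon-1.svg'], $uploadDir), true), PHP_EOL;

// Clean up the throwaway tree.
unlink($shopRoot . '/index.php');
foreach ([$uploadDir, dirname($uploadDir), dirname($uploadDir, 2),
          dirname($uploadDir, 3), dirname($uploadDir, 4), $shopRoot] as $dir) {
    rmdir($dir);
}
```

The check belongs on both sides of the flow: validate the image value when the block is added (persist only the basename of a file the module itself wrote into its upload directory) and validate it again when the block is deleted, because the stored value may have been written by an earlier, unpatched version or edited directly in the database. Checking `basename($requested) === $requested` before touching the filesystem is what stops both the `../` form and the absolute-path form the advisory describes; the `realpath` prefix comparison is the defence in depth for symlinks.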
Vulnerability Analysis
CVE-2023-47109 is exploitable over the network by an attacker who already holds an authenticated back office account, and the attack complexity is low. The impact is rated low for confidentiality and low for integrity but high for availability: the attacker can delete arbitrary files under the web root, which is enough to take the store offline.
Weakness Type
What is an AuthZ Vulnerability?
The software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
CVE-2023-47109 has been classified as an AuthZ vulnerability: the block deletion code removes whatever file path was stored for the block, without verifying that the BO user is entitled to delete that file or that the path lies within the module's own image directory.
Products Associated with CVE-2023-47109
PrestaShop Customer Reassurance Block (the blockreassurance module)
Affected Versions
PrestaShop blockreassurance version <= 5.1.3 is affected by CVE-2023-47109.
Vulnerable Packages
The following package name and versions may be associated with CVE-2023-47109
| Package Manager | Vulnerable Package | Versions | Fixed In |
|---|---|---|---|
| composer | prestashop/blockreassurance | <= 5.1.3 | 5.1.4 |
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.