An issue in Advanced Plugins reportsstatistics v1.3.20 and before allows a remote attacker to execute arbitrary code via the Sales Reports, Statistics, Custom Fields & Export module.

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact total

Affected Vendors & Products

Vendors Products
Advancedplugins
  • Reportsstatistics

No data.

No data.

References
Link Providers
https://addons.prestashop.com/en/customer-administration/28379-sales-reports-statistics-custom-fields-export.html cve-icon cve-icon
https://security.friendsofpresta.org/modules/2024/03/14/reportsstatistics.html cve-icon cve-icon
History

Mon, 28 Oct 2024 20:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-73

Mon, 28 Oct 2024 19:15:00 +0000

Type Values Removed Values Added
First Time appeared Advancedplugins
Advancedplugins reportsstatistics
Weaknesses CWE-863
CPEs cpe:2.3:a:advancedplugins:reportsstatistics:*:*:*:*:*:*:*:*
Vendors & Products Advancedplugins
Advancedplugins reportsstatistics
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-03-19T00:00:00

Updated: 2024-10-28T18:58:51.072Z

Reserved: 2024-03-08T00:00:00

Link: CVE-2024-28394

cve-icon Vulnrichment

Updated: 2024-08-02T00:56:57.268Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-03-19T20:15:07.210

Modified: 2024-11-21T09:06:16.133

Link: CVE-2024-28394

cve-icon Redhat

No data.