CVE-2023-47110

CVSS v3.1

9.1

Critical

Vector

AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H

Name of the Vulnerable Software and Affected Versions blockreassurance versions prior to 5.1.4

Description The issue concerns an AJAX function in the blockreassurance module that allows modification of any value in the configuration table, potentially compromising the trustworthiness of a store.

Recommendations For versions prior to 5.1.4, update to version 5.1.4 to resolve the issue. As a temporary workaround, consider restricting access to the AJAX function in the blockreassurance module until the update is applied.

Exploit

Fix

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284

Related Identifiers

CVE-2023-47110

GHSA-XFM3-HJCC-GV78

Affected Products

Blockreassurance

CVE-2023-47110

Weakness Enumeration

Related Identifiers

Affected Products

References · 10