First published: Fri Sep 02 2022
This package is a PrestaShop module that allows users to post reviews and rate products. There is a vulnerability where the attacker could steal an administrator's cookie. The issue is fixed in version 5.0.2.
Credit: security-advisories@github.com
Affected Software | Affected Version | How to fix
---|---|---
PrestaShop Productcomments | <5.0.2 | Update to version 5.0.2
CVE-2022-35933 is a vulnerability in the PrestaShop Productcomments module that allows attackers to steal an administrator's cookie.
The severity of CVE-2022-35933 is medium, with a CVSS score of 6.1.
To fix CVE-2022-35933, you need to update to version 5.0.2 of the PrestaShop Productcomments module.
The Common Weakness Enumeration (CWE) for CVE-2022-35933 is CWE-79, which is cross-site scripting (improper neutralization of input during web page generation).
You can find more information about CVE-2022-35933 in the following references: [GitHub Commit](https://github.com/PrestaShop/productcomments/commit/314456d739155aa71f0b235827e8e0f24b97c26b) and [GitHub Security Advisory](https://github.com/PrestaShop/productcomments/security/advisories/GHSA-prrh-qvhf-x788).