CVE-2024-25839

HIGH

Webbax Super Newsletter < 1.4.21 - Information Disclosure

Title source: rule

Description

An issue was discovered in Webbax "Super Newsletter" (supernewsletter) module for PrestaShop versions 1.4.21 and before, allows local attackers to escalate privileges and obtain sensitive information.

References (1)

Core 1

Core References

Patch, Third Party Advisory

https://github.com/friends-of-presta/security-advisories/blob/main/_posts/2024-02-29-supernewsletter.md

View Patch ZIP pw:eip

Scores

CVSS v3 7.5

EPSS 0.0009

EPSS Percentile 25.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-200

Status published

Products (1)

webbax/super_newsletter < 1.4.21

Published Mar 03, 2024

Tracked Since Feb 18, 2026