{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-01T07:48:15.072","vulnerabilities":[{"cve":{"id":"CVE-2023-45899","sourceIdentifier":"cve@mitre.org","published":"2023-10-31T02:15:07.957","lastModified":"2024-11-21T08:27:35.317","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue in the component SuperUserSetuserModuleFrontController:init() of idnovate superuser before v2.4.2 allows attackers to bypass authentication via a crafted HTTP call."},{"lang":"es","value":"Un problema en el componente SuperUserSetuserModuleFrontController:init() de idnovate superuser anterior a v2.4.2 permite a los atacantes omitir la autenticación mediante una llamada HTTP manipulada."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-863"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:idnovate:superuser:*:*:*:*:*:prestashop:*:*","versionStartIncluding":"2.3.5","versionEndExcluding":"2.4.2","matchCriteriaId":"E70099EC-6137-4AF7-B337-3ABFAE8A2812"}]}]}],"references":[{"url":"https://security.friendsofpresta.org/modules/2023/10/26/superuser.html","source":"cve@mitre.org","tags":["Exploit","Patch","Third Party Advisory"]},{"url":"https://security.friendsofpresta.org/modules/2023/10/26/superuser.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch","Third Party Advisory"]}]}}]}