CVE-2023-30153: SQL Injection
First published: Tue Jul 18 2023(Updated: )
An SQL injection vulnerability in the Payplug (payplug) module for PrestaShop, in versions 3.6.0, 3.6.1, 3.6.2, 3.6.3, 3.7.0 and 3.7.1, allows remote attackers to execute arbitrary SQL commands via the ajax.php front controller.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| PrestaShop Payplug | >=3.6.0<3.8.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-30153?
CVE-2023-30153 is an SQL injection vulnerability in the Payplug module for PrestaShop.
What is the severity of CVE-2023-30153?
The severity of CVE-2023-30153 is critical with a CVSS score of 9.8.
Which versions of PrestaShop are affected by CVE-2023-30153?
Versions 3.6.0, 3.6.1, 3.6.2, 3.6.3, 3.7.0, and 3.7.1 of PrestaShop are affected by CVE-2023-30153.
How can a remote attacker exploit CVE-2023-30153?
A remote attacker can exploit CVE-2023-30153 by executing arbitrary SQL commands via the ajax.php front controller.
What is the fix for CVE-2023-30153?
To fix CVE-2023-30153, update to PrestaShop version 3.8.2 or higher.
- collector/nvd-latest
- collector/nvd-index
- agent/references
- agent/author
- agent/type
- agent/softwarecombine
- agent/weakness
- agent/severity
- agent/remedy
- agent/event
- agent/description
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- collector/nvd-api
- agent/software-canonical-lookup-request
- vendor/prestashop
- canonical/prestashop payplug
- version/prestashop payplug/3.6.0