First published: Tue Oct 31 2023(Updated: )
Prestashop opartlimitquantity 1.4.5 and before is vulnerable to SQL Injection. OpartlimitquantityAlertlimitModuleFrontController::displayAjaxPushAlertMessage()` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Prestashop Opartlimitquantity | <1.4.6 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this Prestashop vulnerability is CVE-2023-36263.
The severity of CVE-2023-36263 is critical (9.8).
Prestashop opartlimitquantity version 1.4.5 and before is affected by CVE-2023-36263.
The CWE ID for this vulnerability is CWE-89.
CVE-2023-36263 can be exploited through a trivial HTTP call that allows for SQL injection.