CVE-2023-45386: SQL Injection
First published: Tue Oct 17 2023(Updated: )
In the module extratabspro before version 2.2.8 from MyPresta.eu for PrestaShop, a guest can perform SQL injection via `extratabspro::searchcategory()`, `extratabspro::searchproduct()` and `extratabspro::searchmanufacturer().'
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mypresta Product Extra Tabs Pro | <2.2.8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2023-45386?
CVE-2023-45386 is a vulnerability in the extratabspro module before version 2.2.8 from MyPresta.eu for PrestaShop that allows a guest to perform SQL injection.
How severe is CVE-2023-45386?
CVE-2023-45386 has a severity rating of 9.8 (Critical).
How can a guest perform SQL injection in CVE-2023-45386?
A guest can perform SQL injection in CVE-2023-45386 through the extratabspro::searchcategory(), extratabspro::searchproduct(), and extratabspro::searchmanufacturer() functions.
What software is affected by CVE-2023-45386?
PrestaShop installations using the extratabspro module before version 2.2.8 from MyPresta.eu are affected by CVE-2023-45386.
Where can I find more information about CVE-2023-45386?
You can find more information about CVE-2023-45386 at this link: https://security.friendsofpresta.org/modules/2023/10/12/extratabspro.html
- collector/nvd-index
- collector/nvd-api
- agent/type
- agent/references
- agent/severity
- agent/author
- agent/description
- agent/event
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- agent/weakness
- collector/mitre-cve
- source/MITRE
- vendor/mypresta
- canonical/mypresta product extra tabs pro