CVE-2023-46353: SQL Injection
First published: Wed Dec 06 2023(Updated: )
In the module "Product Tag Icons Pro" (ticons) before 1.8.4 from MyPresta.eu for PrestaShop, a guest can perform SQL injection. The method TiconProduct::getTiconByProductAndTicon() has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mypresta Product Tag Icons Pro | <1.8.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID of this issue?
The vulnerability ID is CVE-2023-46353.
What is the title of this vulnerability?
The title of this vulnerability is 'In the module Product Tag Icons Pro (ticons) before 1.8.4 from MyPresta.eu for PrestaShop a guest can perform SQL injection'.
What is the severity of CVE-2023-46353?
The severity of CVE-2023-46353 is critical with a score of 9.8.
What software is affected by this vulnerability?
The affected software is 'Product Tag Icons Pro' (ticons) before version 1.8.4 from MyPresta.eu for PrestaShop.
How can the SQL injection vulnerability be exploited?
The SQL injection vulnerability can be exploited by making a trivial HTTP call to execute sensitive SQL calls in the method TiconProduct::getTiconByProductAndTicon().
- collector/nvd-api
- agent/weakness
- agent/references
- agent/author
- agent/severity
- agent/description
- agent/type
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/mypresta
- canonical/mypresta product tag icons pro