First published: Wed Nov 15 2023
In the module "Newsletter Popup PRO with Voucher/Coupon code" (newsletterpop) from Active Design for PrestaShop, a guest can perform SQL injection in versions before 2.6.1. The method `NewsletterpopsendVerificationModuleFrontController::checkEmailSubscription()` contains sensitive SQL calls that can be reached with a trivial HTTP call and exploited to perform SQL injection.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Activedesign Newsletterpop | >=2.3.1<=2.4.53 | |
Activedesign Newsletterpop | >=2.5.2<2.6.1 | |
CVE-2023-47308 is a vulnerability in the module "Newsletter Popup PRO with Voucher/Coupon code" for PrestaShop, allowing a guest to perform SQL injection in affected versions.
CVE-2023-47308 has a severity rating of 9.8 (Critical).
A guest can perform SQL injection in affected versions by exploiting the method `NewsletterpopsendVerificationModuleFrontController::checkEmailSubscription()`.
Versions 2.3.1 to 2.4.53 and versions 2.5.2 up to, but not including, 2.6.1 of Newsletter Popup PRO with Voucher/Coupon code are affected by CVE-2023-47308.
Yes, updating to version 2.6.1 or newer of Newsletter Popup PRO with Voucher/Coupon code will fix CVE-2023-47308.
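To check an installed copy against the version ranges in the table above, the following added example (not code from the module or its vendor) reads the module's `config.xml` and classifies the version. It assumes the standard PrestaShop layout `modules/newsletterpop/config.xml`; the sample XML is constructed, and the `unlisted` result is this example's own label for versions older than 2.6.1 that fall outside the listed ranges.

```python
import re
import sys
import xml.etree.ElementTree as ET

# Ranges from the table above: (low inclusive, high, high inclusive?)
LISTED = [((2, 3, 1), (2, 4, 53), True),    # >=2.3.1 <=2.4.53
          ((2, 5, 2), (2, 6, 1), False)]    # >=2.5.2 <2.6.1
FIXED = (2, 6, 1)                           # description: "before version 2.6.1"

# Constructed sample of a module config.xml (not taken from the real module).
SAMPLE_CONFIG = """<module>
  <name>newsletterpop</name>
  <version><![CDATA[2.5.9]]></version>
</module>"""

def parse_version(text):
    """'2.4.53' -> (2, 4, 53); reject anything that is not dotted integers."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = tuple(int(p) for p in text.split("."))
    return parts + (0,) * (3 - len(parts))   # pad '2.6' to (2, 6, 0)

def classify(version):
    """Return 'affected', 'unlisted' (older than the fix but outside the
    listed ranges, so verify by hand) or 'fixed'."""
    v = parse_version(version)
    for low, high, inclusive in LISTED:
        if v >= low and (v <= high if inclusive else v < high):
            return "affected"
    return "unlisted" if v < FIXED else "fixed"

def module_version(config_xml):
    """Extract the <version> text from the contents of a module config.xml."""
    node = ET.fromstring(config_xml).find("version")
    if node is None or not (node.text or "").strip():
        raise ValueError("config.xml has no <version> element")
    return node.text.strip()

if __name__ == "__main__":
    # Assumed location: <shop root>/modules/newsletterpop/config.xml
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_CONFIG
    ver = module_version(data)
    print(f"newsletterpop {ver}: {classify(ver)}")
```

Versions reported as `unlisted` (for example 2.5.1) sit below the fixed release but outside both listed ranges, so they need manual confirmation.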