CyberSec.Space Logo
Back to CVE Browser

CVE-2023-36263

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0550%
EPSS Percentile22.60th
PublishedOct 31, 2023
Last ModifiedJun 12, 2026

Vulnerability Description

Prestashop opartlimitquantity 1.4.5 and before is vulnerable to SQL Injection. OpartlimitquantityAlertlimitModuleFrontController::displayAjaxPushAlertMessage()` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection.

Affected Platforms (CPE)

No CPE configurations currently published for this record.

References & Advisories

🔗 https://security.friendsofpresta.org/modules/2023/10/25/opartlimitquantity.html
🔗 https://security.friendsofpresta.org/modules/2023/10/25/opartlimitquantity.html

Related Vulnerabilities

CVE-2023-11149.8

Missing Authorization vulnerability in Eskom e-Belediye allows Information Elicitation. This issue affects e-Belediye: from 1.0.0...

CVE-2023-08399.8

Improper Protection for Outbound Error Messages and Alert Signals vulnerability in ProMIS Process Co. InSCADA allows Account Footp...

CVE-2023-09399.8

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NTN Information Technologies...

CVE-2023-09799.8

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MedData MedDataPACS allows S...