CyberSec.Space Logo
CVEブラウザに戻る

CVE-2023-36263

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0550%
EPSS Percentile22.60th
Published2023年10月31日
Last Modified2026年6月12日

Vulnerability Description

Prestashop opartlimitquantity 1.4.5 and before is vulnerable to SQL Injection. OpartlimitquantityAlertlimitModuleFrontController::displayAjaxPushAlertMessage()` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection.

Affected Platforms (CPE)

No CPE configurations currently published for this record.

References & Advisories

🔗 https://security.friendsofpresta.org/modules/2023/10/25/opartlimitquantity.html
🔗 https://security.friendsofpresta.org/modules/2023/10/25/opartlimitquantity.html

関連する脆弱性情報

CVE-2023-343629.8

MOVEit Transfer SQL Injection vulnerability allows unauthenticated attackers to gain unauthorized access to MOVEit Transfer's data...

CVE-2023-08399.8

Improper Protection for Outbound Error Messages and Alert Signals vulnerability in ProMIS Process Co. InSCADA allows Account Footp...

CVE-2023-09399.8

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NTN Information Technologies...

CVE-2023-11149.8

Missing Authorization vulnerability in Eskom e-Belediye allows Information Elicitation. This issue affects e-Belediye: from 1.0.0...