Vulnerability Details CVE-2023-27843
SQL injection vulnerability found in PrestaShop askforaquote v.5.4.2 and before allow a remote attacker to gain privileges via the QuotesProduct::deleteProduct component.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 42.2%
CVSS Severity
CVSS v3 Score 9.8
References
- https://addons.prestashop.com/en/quotes/3725-ask-for-a-quote-convert-to-order-messaging-system.html
- https://friends-of-presta.github.io/security-advisories/modules/2023/04/25/askforaquote.html
- https://addons.prestashop.com/en/quotes/3725-ask-for-a-quote-convert-to-order-messaging-system.html
- https://friends-of-presta.github.io/security-advisories/modules/2023/04/25/askforaquote.html
Products affected by CVE-2023-27843
-
cpe:2.3:a:ask_for_a_quote_project:ask_for_a_quote:*