Vulnerability Details CVE-2023-30153
An SQL injection vulnerability in the Payplug (payplug) module for PrestaShop, in versions 3.6.0, 3.6.1, 3.6.2, 3.6.3, 3.7.0 and 3.7.1, allows remote attackers to execute arbitrary SQL commands via the ajax.php front controller.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 50.1%
CVSS Severity
CVSS v3 Score 9.8
References
- https://addons.prestashop.com/en/payment-card-wallet/8795--payplug-accept-customer-payments-wherever-they-are.html
- https://security.friendsofpresta.org/module/2023/07/18/payplug.html
- https://addons.prestashop.com/en/payment-card-wallet/8795--payplug-accept-customer-payments-wherever-they-are.html
- https://security.friendsofpresta.org/module/2023/07/18/payplug.html
Products affected by CVE-2023-30153
-
cpe:2.3:a:prestashop:payplug:3.6.0
-
cpe:2.3:a:prestashop:payplug:3.6.1
-
cpe:2.3:a:prestashop:payplug:3.6.2
-
cpe:2.3:a:prestashop:payplug:3.6.3
-
cpe:2.3:a:prestashop:payplug:3.7.0