Vulnerability Details CVE-2023-33278
In the Store Commander scexportcustomers module for PrestaShop through 3.6.1, sensitive SQL calls can be executed with a trivial HTTP request and exploited to forge a blind SQL injection.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 50.3%
CVSS Severity
CVSS v3 Score 9.8
References
- https://friends-of-presta.github.io/security-advisories/modules/2023/05/25/scexportcustomers.html
- https://www.storecommander.com/en/addons/480-customer-export-pro.html
- https://friends-of-presta.github.io/security-advisories/modules/2023/05/25/scexportcustomers.html
- https://www.storecommander.com/en/addons/480-customer-export-pro.html
Products affected by CVE-2023-33278
-
cpe:2.3:a:storecommander:customers_export:-
-
cpe:2.3:a:storecommander:customers_export:3.6.1