Vulnerability Details CVE-2023-33280
In the Store Commander scquickaccounting module for PrestaShop through 3.7.3, multiple sensitive SQL calls can be executed with a trivial HTTP request and exploited to forge a blind SQL injection.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 50.4%
CVSS Severity
CVSS v3 Score 9.8
References
- https://friends-of-presta.github.io/security-advisories/modules/2023/05/25/scquickaccounting.html
- https://www.storecommander.com/en/addons/440-order-export-pro.html
- https://friends-of-presta.github.io/security-advisories/modules/2023/05/25/scquickaccounting.html
- https://www.storecommander.com/en/addons/440-order-export-pro.html
Products affected by CVE-2023-33280
-
cpe:2.3:a:storecommander:quickaccounting:-
-
cpe:2.3:a:storecommander:quickaccounting:3.7.3