Vulnerability Details CVE-2023-45376
In the module "Carousels Pack - Instagram, Products, Brands, Supplier" (hicarouselspack) for PrestaShop up to version 1.5.0 from HiPresta for PrestaShop, a guest can perform SQL injection via HiCpProductGetter::getViewedProduct().`
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 34.5%
CVSS Severity
CVSS v3 Score 9.8
References
- https://addons.prestashop.com/en/sliders-galleries/20410-carousels-pack-instagram-products-brands-supplier.html
- https://security.friendsofpresta.org/modules/2023/10/19/hicarouselspack.html
- https://addons.prestashop.com/en/sliders-galleries/20410-carousels-pack-instagram-products-brands-supplier.html
- https://security.friendsofpresta.org/modules/2023/10/19/hicarouselspack.html
Products affected by CVE-2023-45376
-
cpe:2.3:a:hipresta:carousels_pack:1.5.0