Vulnerability Details CVE-2023-46351
In the module mib < 1.6.1 from MyPresta.eu for PrestaShop, a guest can perform SQL injection. The methods `mib::getManufacturersByCategory()` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 34.8%
CVSS Severity
CVSS v3 Score 9.8
References
- https://mypresta.eu/modules/front-office-features/manufacturers-brands-images-block.html
- https://security.friendsofpresta.org/modules/2024/01/18/mib.html
- https://mypresta.eu/modules/front-office-features/manufacturers-brands-images-block.html
- https://security.friendsofpresta.org/modules/2024/01/18/mib.html
Products affected by CVE-2023-46351
-
cpe:2.3:a:mypresta:manufacturers_(brands)_images_block:-
-
cpe:2.3:a:mypresta:manufacturers_(brands)_images_block:1.3.1
-
cpe:2.3:a:mypresta:manufacturers_(brands)_images_block:1.4.1
-
cpe:2.3:a:mypresta:manufacturers_(brands)_images_block:1.5.1
-
cpe:2.3:a:mypresta:manufacturers_(brands)_images_block:1.5.2
-
cpe:2.3:a:mypresta:manufacturers_(brands)_images_block:1.5.3
-
cpe:2.3:a:mypresta:manufacturers_(brands)_images_block:1.5.4
-
cpe:2.3:a:mypresta:manufacturers_(brands)_images_block:1.5.5
-
cpe:2.3:a:mypresta:manufacturers_(brands)_images_block:1.5.6
-
cpe:2.3:a:mypresta:manufacturers_(brands)_images_block:1.5.7
-
cpe:2.3:a:mypresta:manufacturers_(brands)_images_block:1.5.8
-
cpe:2.3:a:mypresta:manufacturers_(brands)_images_block:1.5.9
-
cpe:2.3:a:mypresta:manufacturers_(brands)_images_block:1.6.0