Vulnerability Details CVE-2023-46358
In the module "Referral and Affiliation Program" (referralbyphone) version 3.5.1 and before from Snegurka for PrestaShop, a guest can perform SQL injection. Method `ReferralByPhoneDefaultModuleFrontController::ajaxProcessCartRuleValidate` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 51.2%
CVSS Severity
CVSS v3 Score 9.8
References
Products affected by CVE-2023-46358
-
cpe:2.3:a:snegurka:referralbyphone:-
-
cpe:2.3:a:snegurka:referralbyphone:3.5.1