CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-47308

In the module "Newsletter Popup PRO with Voucher/Coupon code" (newsletterpop) before version 2.6.1 from Active Design for PrestaShop, a guest can perform SQL injection in affected versions. The method `NewsletterpopsendVerificationModuleFrontController::checkEmailSubscription()` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 16.3%

CVSS Severity

CVSS v3 Score 9.8

References

https://github.com/friends-of-presta/security-advisories/blob/main/_posts/2023-11-09-newsletterpop.md
https://github.com/friends-of-presta/security-advisories/blob/main/_posts/2023-11-09-newsletterpop.md

Products affected by CVE-2023-47308

Activedesign » Newsletterpop » Version: 2.3.1

cpe:2.3:a:activedesign:newsletterpop:2.3.1
Activedesign » Newsletterpop » Version: 2.4.53

cpe:2.3:a:activedesign:newsletterpop:2.4.53
Activedesign » Newsletterpop » Version: 2.5.2

cpe:2.3:a:activedesign:newsletterpop:2.5.2
Activedesign » Newsletterpop » Version: 2.6.0

cpe:2.3:a:activedesign:newsletterpop:2.6.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-47308

Products

Pricing

Contact Us