SQL injection vulnerability found in PrestaShop askforaquote v.5.4.2 and before allow a remote attacker to gain privileges via the QuotesProduct::deleteProduct component.
References
Link | Resource |
---|---|
https://addons.prestashop.com/en/quotes/3725-ask-for-a-quote-convert-to-order-messaging-system.html | Product |
https://friends-of-presta.github.io/security-advisories/modules/2023/04/25/askforaquote.html | Exploit Patch Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2023-04-25T00:00:00
Updated: 2023-04-25T00:00:00
Reserved: 2023-03-05T00:00:00
Link: CVE-2023-27843
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-04-26T00:15:09.267
Modified: 2023-05-04T19:27:59.923
Link: CVE-2023-27843
JSON object: View
Redhat Information
No data.
CWE