CVE-2023-39646 - OpenCVE

Improper neutralization of SQL parameter in Theme Volty CMS Category Chain Slider module for PrestaShop. In the module “Theme Volty CMS Category Chain Slide"(tvcmscategorychainslider) up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Themevolty	Theme Volty Cms Category Chain Slider

Configuration 1 [-]

cpe:2.3:a:themevolty:theme_volty_cms_category_chain_slider:*:*:*:*:*:prestashop:*:*

References

Link	Resource
https://security.friendsofpresta.org/modules/2023/09/26/tvcmscategorychainslider.html	Patch Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2023-10-03T00:00:00

Updated: 2023-10-03T21:55:48.068758

Reserved: 2023-08-07T00:00:00

Link: CVE-2023-39646

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-10-03T22:15:10.263

Modified: 2023-10-05T15:17:38.827

Link: CVE-2023-39646

JSON object: View

Redhat Information

No data.

CWE

CWE-89