In the module "CSV Feeds PRO" (csvfeeds) before 2.6.1 from Bl Modules for PrestaShop, a guest can perform SQL injection. The method `SearchApiCsv::getProducts()` has sensitive SQL call that can be executed with a trivial http call and exploited to forge a SQL injection.
References
Link | Resource |
---|---|
https://security.friendsofpresta.org/modules/2023/10/26/csvfeeds-89.html | Exploit Patch Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2023-10-31T00:00:00
Updated: 2023-10-31T03:48:22.449887
Reserved: 2023-10-23T00:00:00
Link: CVE-2023-46356
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-10-31T04:15:11.257
Modified: 2023-11-08T03:07:09.593
Link: CVE-2023-46356
JSON object: View
Redhat Information
No data.
CWE