CVE-2023-34577

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Sep 21, 2023

Updated: Sep 23, 2023

CWE ID 89

Summary

CVE-2023-34577 is a newly disclosed SQL injection vulnerability affecting the OpartPlannedPopupModuleFrontController class in Prestashop versions 1.4.11 and older. This issue enables remote attackers to execute arbitrary SQL commands by exploiting the prepareHook() method. Successful exploitation could lead to unauthorized access, data theft, or even system compromise. It is essential for Prestashop users to update their software to a patched version as soon as possible to mitigate this threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/rzabkh
https://www.cve.org/CVERecord?id=CVE-2023-34577
https://nvd.nist.gov/vuln/detail/CVE-2023-34577

Back to Vulnerability Database

CVE-2023-34577

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations