CVE-2023-45375

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Oct 17, 2023

Updated: Oct 23, 2023

CWE ID 89

Summary

CVE-2023-45375: A SQL injection vulnerability has been identified in the "PireosPay" module, version 1.7.10 and below, of the PrestaShop e-commerce platform from 01generator.com. This issue lies in the `PireosPayValidationModuleFrontController::postProcess()` function, which allows unauthenticated guests to inject malicious SQL queries. Successful exploitation could result in unauthorized access to sensitive data or the ability to execute arbitrary code within the affected system. This vulnerability highlights the importance of keeping software up to date to protect against security threats.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/s8JcHL
https://www.cve.org/CVERecord?id=CVE-2023-45375
https://nvd.nist.gov/vuln/detail/CVE-2023-45375

Back to Vulnerability Database

CVE-2023-45375

CVSS 3.1 Score 8.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations