CVE-2023-45377

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Nov 22, 2023

Updated: Nov 30, 2023

CWE ID 89

Summary

CVE-2023-45377 is a new vulnerability affecting the "Chronopost Official" module in PrestaShop. Maliciously crafted HTTP requests can be used to execute SQL injection attacks against the `cancelSkybill.php` script. The vulnerable script contains sensitive SQL calls, allowing an unauthenticated guest to manipulate the database and potentially gain unauthorized access to sensitive data. This issue represents a significant security risk for PrestaShop installations using the Chronopost module and should be addressed promptly through available patches or upgrades.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/s8JcG7
https://www.cve.org/CVERecord?id=CVE-2023-45377
https://nvd.nist.gov/vuln/detail/CVE-2023-45377

Back to Vulnerability Database

CVE-2023-45377

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations