CVE-2023-48188

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Nov 27, 2023

Updated: Dec 1, 2023

CWE ID 89

Summary

CVE-2023-48188 is a newly disclosed SQL injection vulnerability affecting the opartdevis module in PrestaShop versions 4.5.18 through 4.6.12. A remote attacker can exploit this flaw by submitting specially crafted scripts to the getModuleTranslation function. Successful exploitation allows the attacker to execute arbitrary code, which could lead to serious security consequences, including unauthorized access, data theft, or system compromise. It is strongly recommended that users of the affected versions upgrade to a patched release as soon as possible to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/tYopzr
https://www.cve.org/CVERecord?id=CVE-2023-48188
https://nvd.nist.gov/vuln/detail/CVE-2023-48188

Back to Vulnerability Database

CVE-2023-48188

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations