CVE-2023-50026

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Feb 9, 2024

Updated: Jun 7, 2024

CWE ID 89

Summary

CVE-2023-5026 is a critical SQL injection vulnerability affecting the "Multi Accessories Pro" module of PrestaShop versions 5.1.1 and below. An attacker can exploit this flaw in the HsAccessoriesGroupProductAbstract::getAccessoriesByIdProducts() method to escalate privileges and gain unauthorized access to sensitive information. By injecting malicious SQL queries, the attacker can manipulate the application's database, potentially leading to data theft, unintended modifications, or system takeover. This vulnerability poses a significant risk to PrestaShop sites using the Multi Accessories Pro module and necessitates immediate patching to mitigate the threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Advisories, Assessments, and Mitigations

Back to Vulnerability Database