CVE-2023-27846
CVSS 3.1 Score 9.8 of 10 (high)
Details
Summary
CVE-2023-27846 is a newly discovered SQL injection vulnerability that poses a significant threat to PrestaShop's themevolty version 4.0.8 and earlier. This issue permits unauthorized users to gain elevated privileges through specific components, including tvcmsblog, tvcmsvideotab, tvcmswishlist, tvcmsbrandlist, tvcmscategorychainslider, tvcmscategoryproduct, tvcmscategoryslider, tvcmspaymenticon, and tvcmstestimonial. By exploiting this SQL injection vulnerability, remote attackers can manipulate SQL statements and access sensitive data or even take control of affected PrestaShop installations. It is highly recommended that users of these affected versions upgrade to a patched version as soon as possible to mitigate this risk.