CVE-2023-27846

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published: Oct 31, 2023
Updated: Nov 8, 2023
CWE ID: 89

Summary

CVE-2023-27846 is a newly discovered SQL injection vulnerability in PrestaShop's themevolty version 4.0.8 and earlier. It permits unauthorized users to gain elevated privileges through the following components: tvcmsblog, tvcmsvideotab, tvcmswishlist, tvcmsbrandlist, tvcmscategorychainslider, tvcmscategoryproduct, tvcmscategoryslider, tvcmspaymenticon, and tvcmstestimonial. By exploiting the vulnerability, remote attackers can manipulate SQL statements to access sensitive data or even take control of affected PrestaShop installations. Users of the affected versions are strongly advised to upgrade to a patched version as soon as possible to mitigate this risk.
