CVE-2023-46989
CVSS 3.1 Score 7.8 of 10 (high)
Details
Published Dec 28, 2023
Updated: Jan 4, 2024
CWE ID 89
Summary
CVE-2023-46989 is a SQL Injection vulnerability affecting the Innovadeluxe Quick Order module for PrestaShop versions prior to 1.4.0. This issue enables local attackers to execute arbitrary code by exploiting a vulnerability in the getProducts() function present in the productlist.php file. By injecting malicious SQL queries, an attacker can manipulate the database and potentially gain control over the affected system. This vulnerability poses a serious threat and requires immediate patching to prevent potential unauthorized access or data breaches.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share