CVE-2023-46989

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Dec 28, 2023
Updated: Jan 4, 2024
CWE ID 89

Summary

CVE-2023-46989 is a SQL Injection vulnerability affecting the Innovadeluxe Quick Order module for PrestaShop versions prior to 1.4.0. This issue enables local attackers to execute arbitrary code by exploiting a vulnerability in the getProducts() function present in the productlist.php file. By injecting malicious SQL queries, an attacker can manipulate the database and potentially gain control over the affected system. This vulnerability poses a serious threat and requires immediate patching to prevent potential unauthorized access or data breaches.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share