PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides a variety of payment methods, short message alerts and product image scaling and other features. PrestaShop suffers from a SQL injection vulnerability that stems from the application’s lack of validation of externally entered SQL statements. A remote attacker can exploit this vulnerability to elevate privileges and obtain sensitive information via the BaproductzoommagnifierZoomModuleFrontController::run() method.
CPE | Name | Operator | Version |
---|---|---|---|
prestashop prestashop | le | 1.0.16 |