CVE-2023-26859

2023-07-2600:00:00

mitre

www.cve.org

prestashop

sql injection

cve-2023-26859

ajaxordertracking.php

remote attacker

gain privileges

EPSS

0.001

Percentile

43.6%

JSON

SQL injection vulnerability found in PrestaShop sendinblue v.4.0.15 and before allow a remote attacker to gain privileges via the ajaxOrderTracking.php component.

References

addons.prestashop.com/en/newsletter-sms/8300-sendinblue-all-in-one-marketing-tool.html

security.friendsofpresta.org/modules/2023/07/25/sendinblue.html

EPSS

0.001

Percentile

43.6%

JSON

Related for CVELIST:CVE-2023-26859