Sql injection

2023-06-0215:15:00

PRIOn knowledge base

www.prio-n.com

vulnerability

sql injection

city autocomplete

ebewe.net

prestashop

remote attackers

arbitrary sql commands

autocompletion.php

nvd

0.001 Low

EPSS

Percentile

46.6%

JSON

SQL injection vulnerability in the City Autocomplete (cityautocomplete) module from ebewe.net for PrestaShop, prior to version 1.8.12 (for PrestaShop version 1.5/1.6) or prior to 2.0.3 (for PrestaShop version 1.7), allows remote attackers to execute arbitrary SQL commands via the type, input_name. or q parameter in the autocompletion.php front controller.

CPENameOperatorVersion
city_autocompletelt1.8.12
city_autocompletelt2.0.3

CPE	Name	Operator	Version
	city_autocomplete	lt	1.8.12
	city_autocomplete	lt	2.0.3

References

addons.prestashop.com/fr/inscription-processus-de-commande/6097-city-autocomplete.html

friends-of-presta.github.io/security-advisories/module/2023/06/01/cityautocomplete.html

0.001 Low

EPSS

Percentile

46.6%

JSON

Related for PRION:CVE-2023-30149