Sql injection

2023-07-1819:15:00

PRIOn knowledge base

www.prio-n.com

sql injection

payplug module

prestashop

remote attackers

arbitrary sql commands

ajax.php

9.9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

30.9%

JSON

An SQL injection vulnerability in the Payplug (payplug) module for PrestaShop, in versions 3.6.0, 3.6.1, 3.6.2, 3.6.3, 3.7.0 and 3.7.1, allows remote attackers to execute arbitrary SQL commands via the ajax.php front controller.

CPENameOperatorVersion
payplugge3.6.0
paypluglt3.8.2

CPE	Name	Operator	Version
	payplug	ge	3.6.0
	payplug	lt	3.8.2

References

addons.prestashop.com/en/payment-card-wallet/8795--payplug-accept-customer-payments-wherever-they-are.html

security.friendsofpresta.org/module/2023/07/18/payplug.html