Lucene search

PRIOn knowledge basePRION:CVE-2023-46350

HistoryFeb 09, 2024 - 8:15 a.m.

Sql injection

2024-02-0908:15:00

PRIOn knowledge base

www.prio-n.com

sql injection

innovadeluxe

manufacturer

supplier

prestashop

vulnerability

remote attackers

privileges

sensitive information

nvd

8.2 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

39.1%

JSON

SQL injection vulnerability in InnovaDeluxe “Manufacturer or supplier alphabetical search” (idxrmanufacturer) module for PrestaShop versions 2.0.4 and before, allows remote attackers to escalate privileges and obtain sensitive information via the methods IdxrmanufacturerFunctions::getCornersLink, IdxrmanufacturerFunctions::getManufacturersLike and IdxrmanufacturerFunctions::getSuppliersLike.

CPENameOperatorVersion
manufacturer_or_supplier_alphabetical_searchlt2.0.5

CPE	Name	Operator	Version
	manufacturer_or_supplier_alphabetical_search	lt	2.0.5

References

security.friendsofpresta.org/modules/2024/02/08/idxrmanufacturer.html