Lucene search

MitreVULNRICHMENT:CVE-2023-45387

HistoryNov 17, 2023 - 12:00 a.m.

CVE-2023-45387

2023-11-1700:00:00

mitre

github.com

sql injection

product catalog

csv

excel

xml

export pro

myprestamodules

prestashop

cve-2023-45387

AI Score

7.9

Confidence

Low

SSVC

Exploitation

none

Automatable

yes

Technical Impact

total

JSON

In the module “Product Catalog (CSV, Excel, XML) Export PRO” (exportproducts) in versions up to 5.0.0 from MyPrestaModules for PrestaShop, a guest can perform SQL injection via exportProduct::_addDataToDb().

References

addons.prestashop.com/en/data-import-export/18662-product-catalog-csv-excel-xml-export-pro.html

security.friendsofpresta.org/modules/2023/11/16/exportproducts.html