AI Score
Confidence
Low
SSVC
Exploitation
none
Automatable
yes
Technical Impact
total
In the module βProduct Catalog (CSV, Excel, XML) Export PROβ (exportproducts) in versions up to 5.0.0 from MyPrestaModules for PrestaShop, a guest can perform SQL injection via exportProduct::_addDataToDb().
exportProduct::_addDataToDb().
addons.prestashop.com/en/data-import-export/18662-product-catalog-csv-excel-xml-export-pro.html
security.friendsofpresta.org/modules/2023/11/16/exportproducts.html