AI Score
Confidence
Low
EPSS
Percentile
38.6%
SSVC
Exploitation
poc
Automatable
yes
Technical Impact
total
In the module “Referral and Affiliation Program” (referralbyphone) version 3.5.1 and before from Snegurka for PrestaShop, a guest can perform SQL injection. Method ReferralByPhoneDefaultModuleFrontController::ajaxProcessCartRuleValidate
has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection.