CRITICAL🇵🇱 Wersja polska

CVE-2023-30149

CVSS 9.8v3.1pub. 2023-06-02upd. 2025-01-31

SQL injection vulnerability in the City Autocomplete (cityautocomplete) module from ebewe.net for PrestaShop, prior to version 1.8.12 (for PrestaShop version 1.5/1.6) or prior to 2.0.3 (for PrestaShop version 1.7), allows remote attackers to execute arbitrary SQL commands via the type, input_name. or q parameter in the autocompletion.php front controller.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Ebewe City Autocomplete

    APP
    Ebewe
    < 1.8.12< 2.0.3
  • Prestashop

    APP
    Prestashop
    1.5.0.01.6.0.01.7.0.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SQLi
CWE
References

Related vulnerabilities

CVE-2024-34716CRITICAL9.6PL ✓ten sam produkt

XSS w PrestaShop umożliwiający przejęcie sesji administratora

CVE-2023-39526CRITICAL9.1ten sam produkt

PrestaShop is an open source e-commerce web application. Versions prior to 1.7.8.10, 8.0.5, and 8.1.1 are vuln...

CVE-2023-30839CRITICAL9.9ten sam produkt

PrestaShop is an Open Source e-commerce web application. Versions prior to 8.0.4 and 1.7.8.9 contain a SQL fil...

CVE-2022-31181CRITICAL9.8ten sam produkt

PrestaShop is an Open Source e-commerce platform. In versions from 1.6.0.10 and before 1.7.8.7 PrestaShop is s...

CVE-2022-21686CRITICAL9.0ten sam produkt

PrestaShop is an Open Source e-commerce platform. Starting with version 1.7.0.0 and ending with version 1.7.8....