Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.8
CVSSv3

CVE-2023-30149

Published: 02/06/2023 Updated: 12/06/2023
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 0
Subscribe to Ebewe

Vulnerability Summary

SQL injection vulnerability in the City Autocomplete (cityautocomplete) module from ebewe.net for PrestaShop, prior to version 1.8.12 (for PrestaShop version 1.5/1.6) or before 2.0.3 (for PrestaShop version 1.7), allows remote malicious users to execute arbitrary SQL commands via the type, input_name. or q parameter in the autocompletion.php front controller.

Vulnerable Product Search on Vulmon Subscribe to Product

ebewe city_autocomplete

References

CWE-89https://friends-of-presta.github.io/security-advisories/module/2023/06/01/cityautocomplete.htmlhttps://addons.prestashop.com/fr/inscription-processus-de-commande/6097-city-autocomplete.htmlhttps://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
firmwareCVE-2023-52866CVE-2024-4367CVE-2024-1721CVE-2023-34992XML injectionCVE-2023-52817SQLCVE-2023-52855
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook