In the module "CSV Feeds PRO" (csvfeeds) before 2.6.1 from Bl Modules for PrestaShop, a guest can perform SQL injection. The method `SearchApiCsv::getProducts()` has sensitive SQL call that can be executed with a trivial http call and exploited to forge a SQL injection.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2023-10-31T00:00:00
Updated: 2024-09-05T19:08:16.767Z
Reserved: 2023-10-23T00:00:00
Link: CVE-2023-46356
Vulnrichment
Updated: 2024-08-02T20:45:41.322Z
NVD
Status : Modified
Published: 2023-10-31T04:15:11.257
Modified: 2024-11-21T08:28:21.563
Link: CVE-2023-46356
Redhat
No data.