In the module "CSV Feeds PRO" (csvfeeds) before 2.6.1 from Bl Modules for PrestaShop, a guest can perform SQL injection. The method `SearchApiCsv::getProducts()` has sensitive SQL call that can be executed with a trivial http call and exploited to forge a SQL injection.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-10-31T00:00:00

Updated: 2024-09-05T19:08:16.767Z

Reserved: 2023-10-23T00:00:00

Link: CVE-2023-46356

cve-icon Vulnrichment

Updated: 2024-08-02T20:45:41.322Z

cve-icon NVD

Status : Modified

Published: 2023-10-31T04:15:11.257

Modified: 2024-11-21T08:28:21.563

Link: CVE-2023-46356

cve-icon Redhat

No data.