In the module "Jms Setting" (jmssetting) from Joommasters for PrestaShop, a guest can perform SQL injection in versions <= 1.1.0. The method `JmsSetting::getSecondImgs()` has a sensitive SQL call that can be executed with a trivial http call and exploited to forge a blind SQL injection.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2024-01-19T00:00:00
Updated: 2024-08-02T22:09:49.814Z
Reserved: 2023-12-04T00:00:00
Link: CVE-2023-50030
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2024-01-19T14:15:12.453
Modified: 2024-01-25T17:10:31.103
Link: CVE-2023-50030
Redhat
No data.