Описание
In the module "Chronopost Official" (chronopost) for PrestaShop, a guest can perform SQL injection. The script PHP cancelSkybill.php own a sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection.
In the module "Chronopost Official" (chronopost) for PrestaShop, a guest can perform SQL injection. The script PHP cancelSkybill.php own a sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection.
Связанные уязвимости
CVSS3: 9.8
nvd
около 2 лет назад
In the module "Chronopost Official" (chronopost) for PrestaShop, a guest can perform SQL injection. The script PHP `cancelSkybill.php` own a sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection.