Описание
In the module "Product Catalog (CSV, Excel) Export/Update" (updateproducts) < 3.8.5 from MyPrestaModules for PrestaShop, a guest can perform SQL injection. The method productsUpdateModel::getExportIds() has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection.
Ссылки
- PatchThird Party Advisory
- PatchThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 3.8.5 (исключая)
cpe:2.3:a:myprestamodules:updateproducts:*:*:*:*:*:prestashop:*:*
EPSS
Процентиль: 20%
0.00066
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-89
Связанные уязвимости
CVSS3: 9.8
github
около 2 лет назад
In the module "Product Catalog (CSV, Excel) Export/Update" (updateproducts) < 3.8.5 from MyPrestaModules for PrestaShop, a guest can perform SQL injection. The method `productsUpdateModel::getExportIds()` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection.
EPSS
Процентиль: 20%
0.00066
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-89