CVE-2023-28839

Shoppingfeed PrestaShop is an add-on to the PrestaShop ecommerce platform to synchronize data. The module Shoppingfeed for PrestaShop is vulnerable to SQL injection between version 1.4.0 and 1.8.2 due to a lack of input sanitization. This issue has been addressed in version 1.8.3. Users are advised to upgrade. There are no known workarounds for this issue.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.4 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
GitHub_MCNA
9.4 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 36%
VendorProductVersion
shoppingfeedshoppingfeed
1.4.0 ≤
𝑥
< 1.8.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/shoppingflux/module-prestashop/pull/209
https://github.com/shoppingflux/module-prestashop/security/advisories/GHSA-vfmq-w777-qvcf
https://github.com/shoppingflux/module-prestashop/pull/209
https://github.com/shoppingflux/module-prestashop/security/advisories/GHSA-vfmq-w777-qvcf