CVE-2023-39646

Improper neutralization of SQL parameter in Theme Volty CMS Category Chain Slider module for PrestaShop. In the module Theme Volty CMS Category Chain Slide"(tvcmscategorychainslider) up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 20%
VendorProductVersion
themevoltytheme_volty_cms_category_chain_slider
𝑥
≤ 4.0.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://security.friendsofpresta.org/modules/2023/09/26/tvcmscategorychainslider.html
https://security.friendsofpresta.org/modules/2023/09/26/tvcmscategorychainslider.html