CVE-2023-47308
15.11.2023, 01:15
In the module "Newsletter Popup PRO with Voucher/Coupon code" (newsletterpop) before version 2.6.1 from Active Design for PrestaShop, a guest can perform SQL injection in affected versions. The method `NewsletterpopsendVerificationModuleFrontController::checkEmailSubscription()` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection.
Vendor | Product | Version |
---|---|---|
activedesign | newsletterpop | 2.3.1 ≤ 𝑥 ≤ 2.4.53 |
activedesign | newsletterpop | 2.5.2 ≤ 𝑥 < 2.6.1 |
𝑥
= Vulnerable software versions