CVE-2023-28843

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-28843
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-28843.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-28843
Related
  • GHSA-66pc-8gh8-mx7m
Published
2023-03-31T18:15:07Z
Modified
2025-02-06T08:51:26.228708Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

PrestaShop/paypal is an open source module for the PrestaShop web commerce ecosystem which provides paypal payment support. A SQL injection vulnerability found in the PrestaShop paypal module from release from 3.12.0 to and including 3.16.3 allow a remote attacker to gain privileges, modify data, and potentially affect system availability. The cause of this issue is that SQL queries were being constructed with user input which had not been properly filtered. Only deployments on PrestaShop 1.6 are affected. Users are advised to upgrade to module version 3.16.4. There are no known workarounds for this vulnerability.

References

Affected packages

Git / github.com/202ecommerce/paypal

Affected ranges

Type
GIT
Repo
https://github.com/202ecommerce/paypal
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

3.*

3.10.2
3.11.3
3.11.4
3.11.5
3.11.6
3.11.7
3.12.0
3.12.1
3.12.2
3.13.0
3.13.1
3.14.0
3.14.1
3.14.2
3.15.0
3.15.1
3.16.0
3.16.1
3.16.2
3.16.3
3.8.3
3.8.4