SQL Injection Vulnerability in PrestaShop ws_productreviews Plugin
CVE-2023-25206

8.8HIGH

Key Information:

Vendor: Prestashop
Status: Advanced Reviews
Vendor: CVE Published:; 14 March 2023

What is CVE-2023-25206?

The ws_productreviews plugin for PrestaShop prior to version 3.6.2 is susceptible to SQL Injection attacks. This weakness enables unauthorized users to manipulate database queries, potentially exposing sensitive data or allowing unwanted changes to the database. It is crucial for users of affected versions to update to the latest release to mitigate the risk of exploitation. For detailed information, refer to the official security advisory from the PrestaShop community.

References

https://addons.prestashop.com/en/customer-reviews/22373-a...

https://friends-of-presta.github.io/security-advisories/m...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 14, 2023
Vulnerability Reserved
Feb 6, 2023

Prestashop

What is CVE-2023-25206?

References

CVSS V3.1

Timeline