SQL Injection Vulnerability in PrestaShop DPD France Module
CVE-2023-25207

9.8CRITICAL

Key Information:

Vendor: Prestashop
Status: Dpd France
Vendor: CVE Published:; 13 March 2023

What is CVE-2023-25207?

The DPD France module for PrestaShop versions prior to 6.1.3 is susceptible to an SQL Injection attack through the dpdfrance/ajax.php endpoint. This vulnerability could allow an attacker to manipulate database queries, potentially leading to unauthorized access to sensitive data or compromising the integrity of the database. It's essential for users of affected versions to implement patches or upgrade to the latest version to mitigate any associated risks.

References

https://addons.prestashop.com/fr/transporteurs/19414-dpd-...

https://friends-of-presta.github.io/security-advisories/m...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 13, 2023
Vulnerability Reserved
Feb 6, 2023

Prestashop

What is CVE-2023-25207?

References

CVSS V3.1

Timeline