SQL Injection Vulnerability in Boxtal's PrestaShop Module
CVE-2023-30151

9.8CRITICAL

Key Information:

Vendor: Prestashop
Status: Prestashop
Vendor: CVE Published:; 13 July 2023

What is CVE-2023-30151?

The Boxtal (envoimoinscher) module for PrestaShop has a SQL injection vulnerability that allows remote attackers to execute arbitrary SQL commands through the key GET parameter. This issue affects versions after 3.1.10, posing significant security risks for online stores utilizing this module. Attackers can exploit the vulnerability to manipulate database queries, potentially compromising sensitive data and the overall integrity of the e-commerce platform.

References

https://help.boxtal.com/hc/fr/articles/360001342977-J-ai-...

https://addons.prestashop.com/en/shipping-carriers/1755-b...

https://security.friendsofpresta.org/module/2023/06/20/en...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 13, 2023
Vulnerability Reserved
Apr 7, 2023

Prestashop

What is CVE-2023-30151?

References

CVSS V3.1

Timeline