SQL Injection Vulnerability in Prestashop's Posstaticfooter Plugin
CVE-2023-30194

9.8CRITICAL

Key Information:

Vendor: Prestashop
Status: Poststaticfooter
Vendor: CVE Published:; 10 May 2023

What is CVE-2023-30194?

The Posstaticfooter plugin for Prestashop, specifically versions up to 1.0.0, is susceptible to an SQL Injection attack triggered through the getPosCurrentHook() function. This vulnerability allows attackers to manipulate database queries, potentially leading to unauthorized access to sensitive data and impacting the overall security of the affected system. It is crucial for users of the plugin to review their installations and apply necessary security patches to mitigate this risk.

References

https://themeforest.net/user/posthemes/portfolio

https://friends-of-presta.github.io/security-advisories/m...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 10, 2023
Vulnerability Reserved
Apr 7, 2023