PrestaShop Easy Redirect Vulnerable to SQL Injection
CVE-2023-50061

9.8CRITICAL

Key Information:

Vendor: PrestaShop
Status: Op\'art Easy Redirect
Vendor: CVE Published:; 8 February 2024

What is CVE-2023-50061?

The PrestaShop Op'art Easy Redirect versions ranging from 1.3.8 to 1.3.12 are affected by an SQL Injection vulnerability through the Oparteasyredirect::hookActionDispatcher() function. By exploiting this flaw, an attacker can manipulate database queries by injecting malicious SQL code, potentially compromising sensitive information. Retailers using this module are at risk of unauthorized access and data breaches, emphasizing the importance of upgrading to a patched version to safeguard their online stores against such security threats.

References

https://www.store-opart.fr/p/39-module-redirection-presta...

https://security.friendsofpresta.org/modules/2024/02/08/o...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 8, 2024
Vulnerability Reserved
Dec 4, 2023