漏洞描述
Snegurka for PrestaShop模块中的“Referral and Affiliation Program”(推荐和联盟计划)版本3.5.1及之前版本中存在漏洞。通过在方法'ReferralByPhoneDefaultModuleFrontController::ajaxProcessCartRuleValidate'中执行敏感的SQL调用,攻击者可以利用简单的HTTP请求进行SQL注入攻击,从而伪造SQL查询并获取敏感信息。
PrestaShop SQL 注入漏洞(CVE-2023-46358)
PoC代码
暂无相关漏洞推荐
- PrestaShop tshirtecommerce /tshirtecommerce/fonts.php 目录遍历漏洞(CVE-2023-27640)
- PrestaShop MyPrestaModules send.php 信息泄露漏洞(CVE-2023-39677)
- PrestaShop /module/xipblog/archive SQL 注入漏洞(CVE-2023-27847)
- PrestaShop /module/tshirtecommerce/designer SQL 注入漏洞(CVE-2023-27637)
- PrestaShop /module/askforaquote/QuotesCart SQL 注入漏洞(CVE-2023-27843)
- POC CVE-2018-10942: Prestashop AttributeWizardPro Module - Arbitrary File Upload
- POC CVE-2018-8823: PrestaShop Responsive Mega Menu Module - Remote Code Execution
- POC CVE-2020-26248: PrestaShop Product Comments <4.2.0 - SQL Injection
- POC CVE-2021-3110: PrestaShop 1.7.7.0 - SQL Injection
- POC CVE-2021-36748: PrestaHome Blog for PrestaShop <1.7.8 - SQL Injection
- POC CVE-2021-37538: PrestaShop SmartBlog <4.0.6 - SQL Injection
- POC CVE-2022-22897: PrestaShop AP Pagebuilder <= 2.4.4 - SQL Injection
- POC CVE-2023-27032: PrestaShop AdvancedPopupCreator - SQL Injection