CVE-2023-36263

Severity CVSS v4.0:
Pending analysis
Type:
CWE-89 SQL Injection
Publication date:
31/10/2023
Last modified:
12/06/2026

Description

Prestashop opartlimitquantity 1.4.5 and before is vulnerable to SQL Injection. OpartlimitquantityAlertlimitModuleFrontController::displayAjaxPushAlertMessage()` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:store-opart:op\'art_limit_quantity:*:*:*:*:*:prestashop:*:* 1.4.6 (excluding)