SQL injection vulnerability in LeoTheme's Ap Page Builder

Posted date 18/07/2023

Importance

4 - High

Affected Resources

LeoTheme Ap Page Builder, versions prior to 1.7.8.2.

Description

INCIBE has coordinated the publication of a vulnerability affecting LeoTheme Ap Page Builder, which has been discovered by David Manuel Herrera Rodríguez, from Telefónica Tech team.

This vulnerability has been assigned the following code:

CVE-2023-3743

CVSS v3.1 base score: 7.5.
CVSS vector string: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.
Vulnerability type: CWE-89: improper neutralization of special elements used in an SQL command (SQL injection).

Solution

Update Ap Page Builder to the latest available version.

Detail

CVE-2023-3743: this vulnerability could allow a remote user to send a specially crafted SQL query to the product_one_img parameter and retrieve the information stored in the database.

References list

Ap Page Builder Prestashop Module

Etiquetas

0day
Update
CNA
Vulnerability