CVE-2023-28839

CVSS V2 None CVSS V3 None

Description

Shoppingfeed PrestaShop is an add-on to the PrestaShop ecommerce platform to synchronize data. The module Shoppingfeed for PrestaShop is vulnerable to SQL injection between version 1.4.0 and 1.8.2 due to a lack of input sanitization. This issue has been addressed in version 1.8.3. Users are advised to upgrade. There are no known workarounds for this issue.

Overview

CVE ID
CVE-2023-28839

Assigner
security-advisories@github.com

Vulnerability Status
Undergoing Analysis

Published Version
2023-04-18T21:15:09

Last Modified Date
2023-04-18T21:25:05

Weakness Enumerations

CWE	URL
CWE-89	http://cwe.mitre.org/data/definitions/89.html

References

Reference URL	Reference Tags
https://github.com/shoppingflux/module-prestashop/pull/209
https://github.com/shoppingflux/module-prestashop/security/advisories/GHSA-vfmq-w777-qvcf

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-28839
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28839

History

Created	Old Value	New Value	Data Type	Notes
2023-04-19 00:01:03				Added to TrackCVE
2023-04-19 00:01:05			Weakness Enumeration	new
2023-04-25 16:01:33	Awaiting Analysis	Undergoing Analysis	Vulnerability Status	updated