Vulnerability Description
SQL injection vulnerability found in PrestaShop Igbudget v.1.0.3 and before allow a remote attacker to gain privileges via the LgBudgetBudgetModuleFrontController::displayAjaxGenerateBudget component.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Save Your Carts And Buy Later Or Send It Project | Save Your Carts And Buy Later Or Send It | <= 1.0.3 |
Related Weaknesses (CWE)
References
- https://addons.prestashop.com/en/order-management/45282-save-your-carts-and-buy-Product
- https://friends-of-presta.github.io/security-advisories/modules/2023/04/04/lgbudExploitPatchThird Party Advisory
- https://addons.prestashop.com/en/order-management/45282-save-your-carts-and-buy-Product
- https://friends-of-presta.github.io/security-advisories/modules/2023/04/04/lgbudExploitPatchThird Party Advisory
FAQ
What is CVE-2023-26860?
CVE-2023-26860 is a vulnerability with a CVSS score of 8.8 (HIGH). SQL injection vulnerability found in PrestaShop Igbudget v.1.0.3 and before allow a remote attacker to gain privileges via the LgBudgetBudgetModuleFrontController::displayAjaxGenerateBudget component.
How severe is CVE-2023-26860?
CVE-2023-26860 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-26860?
Check the references section above for vendor advisories and patch information. Affected products include: Save Your Carts And Buy Later Or Send It Project Save Your Carts And Buy Later Or Send It.