Vulnerability Description
Shoppingfeed PrestaShop is an add-on to the PrestaShop ecommerce platform to synchronize data. The module Shoppingfeed for PrestaShop is vulnerable to SQL injection between version 1.4.0 and 1.8.2 due to a lack of input sanitization. This issue has been addressed in version 1.8.3. Users are advised to upgrade. There are no known workarounds for this issue.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Shoppingfeed | Shoppingfeed | >= 1.4.0, < 1.8.3 |
Related Weaknesses (CWE)
References
- https://github.com/shoppingflux/module-prestashop/pull/209Patch
- https://github.com/shoppingflux/module-prestashop/security/advisories/GHSA-vfmq-PatchVendor Advisory
- https://github.com/shoppingflux/module-prestashop/pull/209Patch
- https://github.com/shoppingflux/module-prestashop/security/advisories/GHSA-vfmq-PatchVendor Advisory
FAQ
What is CVE-2023-28839?
CVE-2023-28839 is a vulnerability with a CVSS score of 9.4 (CRITICAL). Shoppingfeed PrestaShop is an add-on to the PrestaShop ecommerce platform to synchronize data. The module Shoppingfeed for PrestaShop is vulnerable to SQL injection between version 1.4.0 and 1.8.2 due...
How severe is CVE-2023-28839?
CVE-2023-28839 has been rated CRITICAL with a CVSS base score of 9.4/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2023-28839?
Check the references section above for vendor advisories and patch information. Affected products include: Shoppingfeed Shoppingfeed.