Security Advisory

CVE-2023-30149

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-06-02 00:00:00

Last updated 2025-01-31 14:56:23

Assigner mitre

State PUBLISHED

Description

SQL injection vulnerability in the City Autocomplete (cityautocomplete) module from ebewe.net for PrestaShop, prior to version 1.8.12 (for PrestaShop version 1.5/1.6) or prior to 2.0.3 (for PrestaShop version 1.7), allows remote attackers to execute arbitrary SQL commands via the type, input_name. or q parameter in the autocompletion.php front controller.

← Browse all CVEs View on cve.org ↗