Improper neutralization of SQL parameter in Theme Volty CMS Category Chain Slider module for PrestaShop. In the module “Theme Volty CMS Category Chain Slide"(tvcmscategorychainslider) up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions.
References
| Link | Resource |
|---|---|
| https://security.friendsofpresta.org/modules/2023/09/26/tvcmscategorychainslider.html | Patch Third Party Advisory |
| https://security.friendsofpresta.org/modules/2023/09/26/tvcmscategorychainslider.html | Patch Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 08:15
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://security.friendsofpresta.org/modules/2023/09/26/tvcmscategorychainslider.html - Patch, Third Party Advisory |
05 Oct 2023, 15:17
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Themevolty
Themevolty theme Volty Cms Category Chain Slider |
|
| References | (MISC) https://security.friendsofpresta.org/modules/2023/09/26/tvcmscategorychainslider.html - Patch, Third Party Advisory | |
| CPE | cpe:2.3:a:themevolty:theme_volty_cms_category_chain_slider:*:*:*:*:*:prestashop:*:* | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
| CWE | CWE-89 |
03 Oct 2023, 23:55
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-10-03 22:15
Updated : 2024-11-21 08:15
NVD link : CVE-2023-39646
Mitre link : CVE-2023-39646
CVE.ORG link : CVE-2023-39646
JSON object : View
Products Affected
themevolty
- theme_volty_cms_category_chain_slider
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')