CVE-2023-45256

{"id": "CVE-2023-45256", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 2.8}]}, "published": "2025-06-12T17:15:26.507", "references": [{"url": "https://security.friendsofpresta.org/modules/2025/06/10/MoneticoPaiement.html", "source": "cve@mitre.org"}, {"url": "https://www.monetico-paiement.fr/fr/installer/telechargements/kit_telechargeable.aspx?_tabi=I0&_pid=ValidateLicencePage", "source": "cve@mitre.org"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in the EuroInformation MoneticoPaiement module before 1.1.1 for PrestaShop allow remote attackers to execute arbitrary SQL commands via the TPE, societe, MAC, reference, or aliascb parameter to transaction.php, validation.php, or callback.php."}, {"lang": "es", "value": "Varias vulnerabilidades de inyecci\u00f3n SQL en el m\u00f3dulo EuroInformation MoneticoPaiement anterior a 1.1.1 para PrestaShop permiten a atacantes remotos ejecutar comandos SQL arbitrarios a trav\u00e9s del par\u00e1metro TPE, societe, MAC, referencia o aliascb en transaction.php, validation.php o callback.php."}], "lastModified": "2025-06-17T19:15:25.660", "sourceIdentifier": "cve@mitre.org"}