CVE-2023-45377

Published: 2023-11-22T17:15Z

Last Modified: 2024-11-21T08:26Z

Source: MITRE CVE List

License: MITRE-CVE-TOS

In the module "Chronopost Official" (chronopost) for PrestaShop, a guest can perform SQL injection. The script PHP `cancelSkybill.php` own a sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt