CVE-2023-28839 CRITICAL

CVE-2023-28839: Improper neutralization in an SQL query in Shoppingfeed

Vendor Shoppingflux

Product module-prestashop

Weakness CWE-89 · SQLi

Published April 18, 2023

Last update February 5, 2025

View on NVD All CVEs

CVSS base score

9.4/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

What the vulnerability does

01Description

Shoppingfeed PrestaShop is an add-on to the PrestaShop ecommerce platform to synchronize data. The module Shoppingfeed for PrestaShop is vulnerable to SQL injection between version 1.4.0 and 1.8.2 due to a lack of input sanitization. This issue has been addressed in version 1.8.3. Users are advised to upgrade. There are no known workarounds for this issue.

Key dates

02Disclosure timeline

April 18, 2023 CVE published

February 5, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-28839 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/89.html

Related vulnerabilities

CVE-2023-28839: Improper neutralization in an SQL query in Shoppingfeed

01Description

02Disclosure timeline

03References

04Related CVE