CVE-2023-46348 | SunnyToo sturls up to 1.1.12 on PrestaShop getInstanceId sql injection

Posted by Angelo Barbosa | Dec 14, 2023 | CVE

A vulnerability classified as critical has been found in SunnyToo sturls up to 1.1.12 on PrestaShop. This affects the function StUrls::hookActionDispatcher/StUrls::getInstanceId. The manipulation leads to sql injection.

This vulnerability is uniquely identified as CVE-2023-46348. The attack needs to be done within the local network. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2023-46348 | SunnyToo sturls up to 1.1.12 on PrestaShop getInstanceId sql injection

Related Posts

CVE-2024-22396 | SonicWall SonicOS IPsec buffer overflow (SNWLID-2024-0004)

CVE-2024-35301 | JetBrains TeamCity prior 2024.03.1 GitHub App Token Scope insufficient permissions or privileges

CVE-2024-39291 | Linux Kernel up to 6.6.32/6.9.3 amdgpu cp_compute_microcode buffer overflow (19bd9537b6bc/f1b6a016dfa4/acce6479e30f)

CVE-2024-40907 | Linux Kernel up to 6.9.5 ionic_tx_clean denial of service (8812aa35f3e9/491aee894a08)