CVE-2023-30151
CRITICALBoxtal envoimoinscher < 3.1.10 - SQL Injection via Key GET Parameter
Title source: llmDescription
A SQL injection vulnerability in the Boxtal (envoimoinscher) module for PrestaShop, after version 3.1.10, allows remote attackers to execute arbitrary SQL commands via the `key` GET parameter.
References (3)
Core 3
Core References
Not Applicable
https://addons.prestashop.com/en/shipping-carriers/1755-boxtal-connect-turnkey-shipping-solution.html
Permissions Required, Third Party Advisory
https://help.boxtal.com/hc/fr/articles/360001342977-J-ai-besoin-du-module-PrestaShop-ancienne-version-Boxtal-Envoimoinscher-pour-mon-site
Exploit, Third Party Advisory
https://security.friendsofpresta.org/module/2023/06/20/envoimoinscher.html
Scores
CVSS v3
9.8
EPSS
0.0099
EPSS Percentile
58.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
total
Details
CWE
CWE-89
Status
published
Products (1)
boxtal/envoimoinscher
< 3.1.10
Published
Jul 13, 2023
Tracked Since
Feb 18, 2026