CVE-2023-30153

CRITICAL

Payplug 3.6.0-3.7.1 - SQL Injection via ajax.php Front Controller

Title source: llm
STIX 2.1

Description

An SQL injection vulnerability in the Payplug (payplug) module for PrestaShop, in versions 3.6.0, 3.6.1, 3.6.2, 3.6.3, 3.7.0 and 3.7.1, allows remote attackers to execute arbitrary SQL commands via the ajax.php front controller.

Scores

CVSS v3 9.8
EPSS 0.0078
EPSS Percentile 51.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-89
Status published
Products (1)
prestashop/payplug 3.6.0 - 3.8.2
Published Jul 18, 2023
Tracked Since Feb 18, 2026