CVE-2023-30839

CRITICAL

PrestaShop < 1.7.8.9 and 8.0.0-8.0.4 - Authenticated SQL Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-30839. PoCs published by drkbcn.

AI-analyzed exploit summary This repository provides a PrestaShop module to patch CVE-2023-30545, CVE-2023-30838, and CVE-2023-30839. It includes a module that applies patches to vulnerable files and reverts them upon uninstallation.

Description

PrestaShop is an Open Source e-commerce web application. Versions prior to 8.0.4 and 1.7.8.9 contain a SQL filtering vulnerability. A BO user can write, update, and delete in the database, even without having specific rights. PrestaShop 8.0.4 and 1.7.8.9 contain a patch for this issue. There are no known workarounds.

Exploits (1)

nomisec WRITEUP
by drkbcn · poc
https://github.com/drkbcn/lblfixer_cve_2023_30839

This repository provides a PrestaShop module to patch CVE-2023-30545, CVE-2023-30838, and CVE-2023-30839. It includes a module that applies patches to vulnerable files and reverts them upon uninstallation.

Classification
Writeup 90%
Attack Type
Other
Complexity
Moderate
Reliability
Reliable
Target: PrestaShop <1.7.8.9
Auth required
Prerequisites: PrestaShop installation with admin access
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Scores

CVSS v3 9.9
EPSS 0.0456
EPSS Percentile 89.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-89
Status published
Products (2)
prestashop/prestashop < 1.7.8.9
prestashop/prestashop 8.0.0 - 8.0.4Packagist
Published Apr 25, 2023
Tracked Since Feb 18, 2026