CVE-2023-41507

CRITICAL

Super Store Finder <3.6 - SQL Injection

Title source: llm

Description

Super Store Finder v3.6 was discovered to contain multiple SQL injection vulnerabilities in the store locator component via the products, distance, lat, and lng parameters.

Exploits (1)

nomisec WRITEUP

by redblueteam · poc

https://github.com/redblueteam/CVE-2023-41507

View Code ZIP pw:eip

References (2)

[Exploit, Release Notes, Third Party Advisory] https://github.com/redblueteam/CVE-2023-41507/

[Release Notes] https://superstorefinder.net/support/forums/topic/super-store-finder-patch-notes/

Scores

CVSS v3 9.8

EPSS 0.0051

EPSS Percentile 66.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-89

Status published

Products (1)

superstorefinder/super_store_finder 3.6

Published Sep 05, 2023

Tracked Since Feb 18, 2026