CVE-2023-45256

MEDIUM

Multiple SQL Injection - SQL Injection

Title source: llm
STIX 2.1

Description

Multiple SQL injection vulnerabilities in the EuroInformation MoneticoPaiement module before 1.1.1 for PrestaShop allow remote attackers to execute arbitrary SQL commands via the TPE, societe, MAC, reference, or aliascb parameter to transaction.php, validation.php, or callback.php.

Scores

CVSS v3 5.4
EPSS 0.0022
EPSS Percentile 12.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE
CWE-89
Status published
Published Jun 12, 2025
Tracked Since Feb 18, 2026