CVE-2023-46914

CRITICAL

RM bookingcalendar < 2.7.9 - SQL Injection via ics_export.php

Title source: llm
STIX 2.1

Description

SQL Injection vulnerability in RM bookingcalendar module for PrestaShop versions 2.7.9 and before, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via ics_export.php.

References (1)

Core 1

Scores

CVSS v3 9.8
EPSS 0.0080
EPSS Percentile 52.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE
CWE-89
Status published
Products (1)
bookingcalendar_project/bookingcalendar < 2.7.9
Published Feb 07, 2024
Tracked Since Feb 18, 2026