CVE-2023-46989

HIGH

Innovadeluxe Quick Order < 1.4.0 - SQL Injection via getProducts() Function

Title source: llm
STIX 2.1

Description

SQL Injection vulnerability in the Innovadeluxe Quick Order module for PrestaShop before v.1.4.0, allows local attackers to execute arbitrary code via the getProducts() function in the productlist.php file.

References (1)

Core 1

Scores

CVSS v3 7.8
EPSS 0.0024
EPSS Percentile 14.3%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-89
Status published
Products (1)
innovadeluxe/quick_order < 1.4.0
Published Dec 28, 2023
Tracked Since Feb 18, 2026