Unrated severityNVD Advisory· Published Oct 14, 2023· Updated Sep 17, 2024
CVE-2023-30154
CVE-2023-30154
Description
Multiple improper neutralization of SQL parameters in module AfterMail (aftermailpresta) for PrestaShop, before version 2.2.1, allows remote attackers to perform SQL injection attacks via id_customer, id_conf, id_product and token parameters in `aftermailajax.php via the 'id_product' parameter in hooks DisplayRightColumnProduct and DisplayProductButtons.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- PrestaShop/AfterMail (aftermailpresta)description
- Range: <2.2.1
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.