Critical severity9.8NVD Advisory· Published Oct 25, 2023· Updated Jun 17, 2026
CVE-2023-46358
CVE-2023-46358
Description
In the module "Referral and Affiliation Program" (referralbyphone) version 3.5.1 and before from Snegurka for PrestaShop, a guest can perform SQL injection. Method ReferralByPhoneDefaultModuleFrontController::ajaxProcessCartRuleValidate has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: <=3.5.1
Patches
Vulnerability mechanics
References
1- security.friendsofpresta.org/modules/2023/10/24/referralbyphone.htmlnvdThird Party Advisory
News mentions
0No linked articles in our index yet.