VYPR

Chronopost Official

by Prestashop

CVEs (1)

  • CVE-2023-45377Nov 22, 2023
    risk 0.00cvss epss 0.01

    In the module "Chronopost Official" (chronopost) for PrestaShop, a guest can perform SQL injection. The script PHP `cancelSkybill.php` own a sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection.