VYPR

ndk_steppingpack

by Prestashop

CVEs (1)

  • CVE-2023-46347Oct 25, 2023
    risk 0.06cvss epss 0.50

    In the module "Step by Step products Pack" (ndk_steppingpack) version 1.5.6 and before from NDK Design for PrestaShop, a guest can perform SQL injection. The method `NdkSpack::getPacks()` has sensitive SQL calls that can be executed with a trivial http call and exploited to…