VYPR

Referralbyphone

by WordPress

CVEs (1)

  • CVE-2023-46358CriOct 25, 2023
    risk 0.64cvss 9.8epss 0.01

    In the module "Referral and Affiliation Program" (referralbyphone) version 3.5.1 and before from Snegurka for PrestaShop, a guest can perform SQL injection. Method `ReferralByPhoneDefaultModuleFrontController::ajaxProcessCartRuleValidate` has sensitive SQL calls that can be…