VYPR

Step by Step products Pack

by Ndk Design

CVEs (1)

  • CVE-2023-46347CriOct 25, 2023
    risk 0.68cvss 9.8epss 0.50

    In the module "Step by Step products Pack" (ndk_steppingpack) version 1.5.6 and before from NDK Design for PrestaShop, a guest can perform SQL injection. The method `NdkSpack::getPacks()` has sensitive SQL calls that can be executed with a trivial http call and exploited to…