PrestaShop.Ebewe.City.Autocomplete.Module.SQL.Injection
Description
This indicates an attack attempt to exploit an SQL Injection vulnerability in Ébewè's City Autocomplete module for PrestaShop.
The vulnerability is caused by a lack of sanitation on various parameters to the front controller endpoint. As a result, a remote attacker is capable of sending a crafted request to execute SQL commands on the vulnerable system.
Affected Products
Ébewè's City Autocomplete module versions prior to 1.8.12 for PrestaShop 1.5 and 1.6
Ébewè's City Autocomplete module versions prior to 2.0.3 for PrestaShop 1.7
Impact
System Compromise: Remote attackers can add, view, delete or modify data in the database of the affected application
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://addons.prestashop.com/en/registration-ordering-process/6097-city-autocomplete-address-autofill.html
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2024-03-26 | 27.755 |