virus logo Intrusion Prevention

PrestaShop.Ebewe.City.Autocomplete.Module.SQL.Injection

description-logoDescription

This indicates an attack attempt to exploit an SQL Injection vulnerability in Ébewè's City Autocomplete module for PrestaShop.
The vulnerability is caused by a lack of sanitation on various parameters to the front controller endpoint. As a result, a remote attacker is capable of sending a crafted request to execute SQL commands on the vulnerable system.

affected-products-logoAffected Products

Ébewè's City Autocomplete module versions prior to 1.8.12 for PrestaShop 1.5 and 1.6
Ébewè's City Autocomplete module versions prior to 2.0.3 for PrestaShop 1.7

Impact logoImpact

System Compromise: Remote attackers can add, view, delete or modify data in the database of the affected application

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.
https://addons.prestashop.com/en/registration-ordering-process/6097-city-autocomplete-address-autofill.html

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2024-03-26 27.755
ID 55099
Created Mar 18, 2024
Updated Apr 17, 2024
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon
CVE ID CVE-2023-30149
Exploit Prediction Score 0.06%
Default Action pass
Active
Affected OS Windows, Linux, BSD, Solaris, MacOS
Affected App PHP_app