1 results (0.009 seconds)

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

SQL injection vulnerability in Webkul Bundle Product 6.0.1 allows a remote attacker to execute arbitrary code via the id_product parameters in the UpdateProductQuantity function. Vulnerabilidad de inyección SQL en Webkul Bundle Product 6.0.1 permite a un atacante remoto ejecutar código arbitrario a través de los parámetros id_product en la función UpdateProductQuantity. • https://medium.com/%40nasir.synack/uncovering-critical-vulnerability-cve-2023-51210-in-prestashop-plugin-bundle-product-pack-ad7fb08bdc91 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •