CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-45376
https://notcve.org/view.php?id=CVE-2023-45376
19 Oct 2023 — In the module "Carousels Pack - Instagram, Products, Brands, Supplier" (hicarouselspack) for PrestaShop up to version 1.5.0 from HiPresta for PrestaShop, a guest can perform SQL injection via HiCpProductGetter::getViewedProduct().` En el módulo "Carousels Pack - Instagram, Products, Brands, Supplier" (hicarouselspack) para PrestaShop hasta la versión 1.5.0 de HiPresta para PrestaShop, un invitado puede realizar una inyección SQL a través de HiCpProductGetter::getViewedProduct().` • https://addons.prestashop.com/en/sliders-galleries/20410-carousels-pack-instagram-products-brands-supplier.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •