CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-45376
https://notcve.org/view.php?id=CVE-2023-45376
In the module "Carousels Pack - Instagram, Products, Brands, Supplier" (hicarouselspack) for PrestaShop up to version 1.5.0 from HiPresta for PrestaShop, a guest can perform SQL injection via HiCpProductGetter::getViewedProduct().` En el módulo "Carousels Pack - Instagram, Products, Brands, Supplier" (hicarouselspack) para PrestaShop hasta la versión 1.5.0 de HiPresta para PrestaShop, un invitado puede realizar una inyección SQL a través de HiCpProductGetter::getViewedProduct().` • https://addons.prestashop.com/en/sliders-galleries/20410-carousels-pack-instagram-products-brands-supplier.html https://security.friendsofpresta.org/modules/2023/10/19/hicarouselspack.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •