This is a summary of the AI-generated 10-question deep analysis. The full version (longer answers, follow-up Q&A, related CVEs) requires login. Read the full analysis β
Q1What is this vulnerability? (Essence + Consequences)
π¨ **Essence**: SQL Injection in PrestaShop module `opartdevis`. <br>π₯ **Consequences**: Attackers can execute arbitrary code via the `getModuleTranslation` function.β¦
π‘οΈ **Root Cause**: Improper input validation in the `getModuleTranslation` function. <br>β οΈ **Flaw**: Allows remote attackers to inject malicious SQL scripts. (CWE ID not specified in data).
Q3Who is affected? (Versions/Components)
π¦ **Affected**: PrestaShop versions using `opartdevis` module. <br>π **Range**: v4.5.18 to v4.6.12. <br>π’ **Vendor**: PrestaShop (US-based e-commerce solution).
Q4What can hackers do? (Privileges/Data)
π **Privileges**: Remote code execution potential. <br>πΎ **Data**: High impact on Confidentiality, Integrity, and Availability (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
π **Public Exp**: No specific PoC provided in the data. <br>π **Ref**: See [Friends of Presta](https://security.friendsofpresta.org/modules/2023/11/23/opartdevis.html) for details.
Q7How to self-check? (Features/Scanning)
π **Check**: Scan for `opartdevis` module in versions 4.5.18-4.6.12. <br>π΅οΈ **Detection**: Look for SQL injection vectors in `getModuleTranslation` API calls.