PrestaShop Monetico Module SQL Injection Vulnerability (CVE-2023-45256) Analysis

Key Information Summary Vulnerability Overview CVE ID: CVE-2023-45256 Vulnerability Type: SQL Injection Affected Module: Monetico Paiement module from EuroInformation for PrestaShop Severity: Low (CVSS v3.1: 3.7) Description This vulnerability exists in the Monetico Paiement module due to improper sanitization of SQL parameters. Attackers can execute SQL injection attacks by crafting malicious HTTP requests. Specifically, by injecting malicious SQL code into the , , , and variables, attackers can bypass authentication and gain access to the database. CVSS Base Metrics Attack Vector: Network Attack Complexity: High User Interaction: None Scope: Unchanged Confidentiality Impact: High Integrity Impact: High “Availability Impact”: Low Potential Malicious Uses Access sensitive data Bypass authentication Execute arbitrary SQL commands Patch A patch has been provided, primarily involving proper input validation for the affected variables and secure construction of SQL queries. Additional Recommendations Upgrade the module to the latest version to fix this vulnerability. Regularly update the PrestaShop core and all modules to prevent other potential vulnerabilities. Use secure coding practices, such as parameterized queries, to prevent SQL injection. Timeline 2023-05-17: Vulnerability discovered 2023-05-18: Vulnerability reported to EuroInformation 2023-06-19: Fixed version 1.7.1 released 2023-08-18: CVE ID assigned 2023-10-10: PrestaShop released this vulnerability announcement

Goal Reached Thanks to every supporter — we hit 100%!

PrestaShop Monetico Module SQL Injection Vulnerability (CVE-2023-45256) Analysis