Vulnerability — CVE-2023-30149

CVE-2023-30149

Reference to the description:: https://nvd.nist.gov/vuln/detail/CVE-2023-30149
Description:: SQL injection vulnerability in the City Autocomplete (cityautocomplete) module from ebewe.net for PrestaShop, prior to version 1.8.12 (for PrestaShop version 1.5/1.6) or prior to 2.0.3 (for PrestaShop version 1.7), allows remote attackers to execute arbitrary SQL commands via the type, input_name. or q parameter in the autocompletion.php front controller.
Last updated date:: 06/12/2023

Type:: exploit
Confidence:: HIGH
Date of publishing:: 06/12/2023
Reference url to background: https://friends-of-presta.github.io/security-advisories/module/2023/06/01/cityautocomplete.html