CVE-2023-50030
- Reference to the description:
- Description:
- In the module "Jms Setting" (jmssetting) from Joommasters for PrestaShop, a guest can perform SQL injection in versions <= 1.1.0. The method `JmsSetting::getSecondImgs()` has a sensitive SQL call that can be executed with a trivial http call and exploited to forge a blind SQL injection.
- Last updated date:
- 01/25/2024
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 01/25/2024
- Reference url to background
https://security.friendsofpresta.org/modules/2024/01/16/jmssetting.html