nvd-json-data-feeds/CVE-2023/CVE-2023-463xx/CVE-2023-46357.json

{
  "id": "CVE-2023-46357",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2023-11-22T18:15:08.797",
  "lastModified": "2023-11-22T19:00:49.717",
  "vulnStatus": "Awaiting Analysis",
  "descriptions": [
    {
      "lang": "en",
      "value": "In the module \"Cross Selling in Modal Cart\" (motivationsale) < 3.5.0 from MyPrestaModules for PrestaShop, a guest can perform SQL injection. The method `motivationsaleDataModel::getProductsByIds()` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection."
    },
    {
      "lang": "es",
      "value": "En el m\u00f3dulo \"Cross Selling in Modal Cart\" (motivationsale) &lt; 3.5.0 de MyPrestaModules para PrestaShop, un invitado puede realizar una inyecci\u00f3n SQL. El m\u00e9todo `motivationsaleDataModel::getProductsByIds()` tiene llamadas SQL sensibles que pueden ejecutarse con una llamada http trivial y explotarse para falsificar una inyecci\u00f3n SQL."
    }
  ],
  "metrics": {},
  "references": [
    {
      "url": "https://addons.prestashop.com/fr/ventes-croisees-packs-produits/16122-cross-selling-in-modal-cart.html",
      "source": "cve@mitre.org"
    },
    {
      "url": "https://security.friendsofpresta.org/modules/2023/11/21/motivationsale.html",
      "source": "cve@mitre.org"
    }
  ]
}
Auto-Update: 2023-11-22T19:00:19.986892+00:00 2023-11-22 19:00:23 +00:00			`{`
			`"id": "CVE-2023-46357",`
			`"sourceIdentifier": "cve@mitre.org",`
			`"published": "2023-11-22T18:15:08.797",`
Auto-Update: 2023-11-22T21:00:21.994874+00:00 2023-11-22 21:00:25 +00:00			`"lastModified": "2023-11-22T19:00:49.717",`
			`"vulnStatus": "Awaiting Analysis",`
Auto-Update: 2023-11-22T19:00:19.986892+00:00 2023-11-22 19:00:23 +00:00			`"descriptions": [`
			`{`
			`"lang": "en",`
			"value": "In the module \"Cross Selling in Modal Cart\" (motivationsale) < 3.5.0 from MyPrestaModules for PrestaShop, a guest can perform SQL injection. The method `motivationsaleDataModel::getProductsByIds()` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection."
Auto-Update: 2023-11-22T21:00:21.994874+00:00 2023-11-22 21:00:25 +00:00			`},`
			`{`
			`"lang": "es",`
			"value": "En el m\u00f3dulo \"Cross Selling in Modal Cart\" (motivationsale) < 3.5.0 de MyPrestaModules para PrestaShop, un invitado puede realizar una inyecci\u00f3n SQL. El m\u00e9todo `motivationsaleDataModel::getProductsByIds()` tiene llamadas SQL sensibles que pueden ejecutarse con una llamada http trivial y explotarse para falsificar una inyecci\u00f3n SQL."
Auto-Update: 2023-11-22T19:00:19.986892+00:00 2023-11-22 19:00:23 +00:00			`}`
			`],`
			`"metrics": {},`
			`"references": [`
			`{`
			`"url": "https://addons.prestashop.com/fr/ventes-croisees-packs-produits/16122-cross-selling-in-modal-cart.html",`
			`"source": "cve@mitre.org"`
			`},`
			`{`
			`"url": "https://security.friendsofpresta.org/modules/2023/11/21/motivationsale.html",`
			`"source": "cve@mitre.org"`
			`}`
			`]`
			`}`