19 Oct 2023
Vulnérabilité CVE-2023-43986 CVE Vulnerability
DM Concept configurator before v4.9.4 was discovered to contain a SQL injection vulnerability via the component ConfiguratorAttachment::getAttachmentByToken. (CVSS:0.0) (Last Update:2023-10-19 19:36:55)
Vulnerability Details :
DM Concept configurator before v4.9.4 was discovered to contain a SQL injection vulnerability via the component ConfiguratorAttachment::getAttachmentByToken.
Vulnerability category:Sql Injection
Exploit prediction scoring system (EPSS) score for CVE-2023-43986
We don't have an EPSS score for this CVE yet EPSS FAQ
References for CVE-2023-43986
- https://security.friendsofpresta.org/modules/2023/10/19/configurator.html [CVE-2023-43986] Improper neutralization of SQL parameter in DM Concept - Advanced configurator for customized product module for PrestaShop | Friends-Of-Presta Security Advisories
- https://addons.prestashop.com/fr/declinaisons-personnalisation/20343-configurateur-avance-de-produit-sur-mesure-par-etape.html Configurateur avancé de produit sur-mesure par étape