CVE-2023-46989

HIGH Year: 2023
CVSS v3 Score
7.8
High
Weakness Type
CWE-89
View all →

Vulnerability Description

SQL Injection vulnerability in the Innovadeluxe Quick Order module for PrestaShop before v.1.4.0, allows local attackers to execute arbitrary code via the getProducts() function in the productlist.php file.

Related Vulnerabilities

CVE-2015-4669

HIGH
CVSS:7.8(High)

The MySQL "root" user in Xsuite 2.x does not have a password set, which allows local users to access databases on the system.

CWE-892015

CVE-2019-12372

HIGH
CVSS:7.8(High)

Petraware pTransformer ADC before 2.1.7.22827 allows SQL Injection via the User ID parameter to the login form.

CWE-892019

CVE-2019-20573

HIGH
CVSS:7.8(High)

An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. There is local SQL injection in the RCS Content Provider. The Samsung IDs are SVE-2019-14059, SVE-2019-14685...

CWE-892019

CVE-2019-20574

HIGH
CVSS:7.8(High)

An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. There is local SQL injection in the Wi-Fi history Content Provider. The Samsung ID is SVE-2019-14061 (August...

CWE-892019

CVE-2019-20591

HIGH
CVSS:7.8(High)

An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. There is local SQL injection in the Gear VR Service Content Provider. The Samsung ID is SVE-2019-14058 (July...

CWE-892019

CVE-2019-20592

HIGH
CVSS:7.8(High)

An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. There is local SQL injection in the Story Video Editor Content Provider. The Samsung ID is SVE-2019-14062 (J...

CWE-892019