Ebewe - City Autocomplete CVE

Filtered by vendor Ebewe Subscribe

Filtered by product City Autocomplete

Total 1 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2023-30149	2 Ebewe, Prestashop	2 City Autocomplete, Prestashop	2023-12-10	N/A	9.8 CRITICAL
SQL injection vulnerability in the City Autocomplete (cityautocomplete) module from ebewe.net for PrestaShop, prior to version 1.8.12 (for PrestaShop version 1.5/1.6) or prior to 2.0.3 (for PrestaShop version 1.7), allows remote attackers to execute arbitrary SQL commands via the type, input_name. or q parameter in the autocompletion.php front controller.

Vulnerabilities (CVE)