CVE-2023-28843

Name of the Vulnerable Software and Affected Versions PrestaShop/paypal versions 3.12.0 through 3.16.3

Description A SQL injection issue allows a remote attacker to gain privileges, modify data, and potentially affect system availability. The cause of this issue is that SQL queries were being constructed with user input which had not been properly filtered. Only deployments on PrestaShop 1.6 are affected.

Recommendations For PrestaShop/paypal versions 3.12.0 through 3.16.3, upgrade to module version 3.16.4. As a temporary workaround, consider restricting user input to prevent SQL injection attacks until a patch is available.