CVE-2023-23315

Name of the Vulnerable Software and Affected Versions PrestaShop e-commerce platform module stripejs versions up to 4.5.5

Description The issue concerns a Blind SQL injection vulnerability. The method stripejsValidationModuleFrontController::initContent() contains sensitive SQL calls that can be executed and exploited with a trivial HTTP call to forge a SQL injection.

Recommendations For versions up to 4.5.5, as a temporary workaround, consider disabling the stripejsValidationModuleFrontController::initContent() method until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.