CVE-2023-27843

Name of the Vulnerable Software and Affected Versions PrestaShop askforaquote versions 5.4.2 and earlier

Description A SQL injection issue allows a remote attacker to gain privileges via the QuotesProduct::deleteProduct component. This enables the attacker to potentially access and manipulate sensitive data. The estimated number of potentially affected devices worldwide is not specified. There is no information provided about real-world incidents where this issue was exploited.

Recommendations For PrestaShop askforaquote versions 5.4.2 and earlier, consider disabling the QuotesProduct::deleteProduct component until a patch is available to prevent potential exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.