CVE-2023-30153

Name of the Vulnerable Software and Affected Versions PrestaShop module payplug versions 3.6.0 through 3.7.1

Description The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the ajax.php front controller, which is vulnerable to SQL injection attacks.

Recommendations For versions 3.6.0 through 3.7.1, consider disabling the ajax.php front controller in the payplug module until a patch is available. Restrict access to the payplug module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.