CVE-2023-40920

Name of the Vulnerable Software and Affected Versions Prixan prixanconnect versions up to v1.62

Description The issue is related to a SQL injection vulnerability via the component CartsGuruCatalogModuleFrontController::importProducts(). This vulnerability allows for the injection of malicious SQL code, potentially leading to unauthorized access or modification of data.

Recommendations For versions up to v1.62, as a temporary workaround, consider disabling the CartsGuruCatalogModuleFrontController::importProducts() function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.