CVE-2023-45377

Name of the Vulnerable Software and Affected Versions PrestaShop module "Chronopost Official" (chronopost) (affected versions not specified)

Description The issue allows a guest to perform SQL injection in the "Chronopost Official" module for PrestaShop. The PHP script cancelSkybill.php contains sensitive SQL calls that can be executed with a trivial HTTP call, making it possible to exploit and forge a SQL injection.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.