CVE-2023-45378

Name of the Vulnerable Software and Affected Versions PrestaBlog versions 4.4.7 and earlier

Description The issue allows a guest to perform SQL injection in the PrestaBlog module for PrestaShop. Specifically, the script ajax slider positions.php contains a sensitive SQL call that can be executed and exploited with a trivial HTTP call to forge a SQL injection.

Recommendations For PrestaBlog versions 4.4.7 and earlier, consider restricting access to the ajax slider positions.php script until a patch is available. As a temporary workaround, avoid using the sensitive SQL call in the script to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.