CVE-2023-46353

Name of the Vulnerable Software and Affected Versions Product Tag Icons Pro versions prior to 1.8.4

Description A guest can perform SQL injection in the module Product Tag Icons Pro for PrestaShop. The method TiconProduct::getTiconByProductAndTicon() has sensitive SQL calls that can be executed with a trivial HTTP call and exploited to forge a SQL injection.

Recommendations For versions prior to 1.8.4, update to version 1.8.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the TiconProduct::getTiconByProductAndTicon() method until a patch is available.