CVE-2023-46989

Name of the Vulnerable Software and Affected Versions Innovadeluxe Quick Order module for PrestaShop versions prior to 1.4.0

Description The issue allows local attackers to execute arbitrary code via the getProducts() function in the productlist.php file. This is a SQL Injection vulnerability, which means an attacker can inject malicious SQL code to manipulate the database. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited.

Recommendations For versions prior to 1.4.0, update to version 1.4.0 or later to resolve the issue. As a temporary workaround, consider disabling the getProducts() function in the productlist.php file until a patch is available.