CVE-2023-46351

Name of the Vulnerable Software and Affected Versions mib module for PrestaShop versions prior to 1.6.1

Description The issue allows a guest to perform SQL injection. The methods mib::getManufacturersByCategory() contain sensitive SQL calls that can be executed with a trivial HTTP call and exploited to forge a SQL injection.

Recommendations For versions prior to 1.6.1, update to version 1.6.1 or later to resolve the issue. As a temporary workaround, consider disabling the mib::getManufacturersByCategory() function until a patch is available.