CVE-2023-50026

Name of the Vulnerable Software and Affected Versions PrestaShop versions 5.1.1 and earlier

Description The issue allows remote attackers to escalate privileges and obtain sensitive information via the method HsAccessoriesGroupProductAbstract::getAccessoriesByIdProducts(). This is a SQL injection vulnerability in the Presta Monster "Multi Accessories Pro" (hsmultiaccessoriespro) module.

Recommendations For PrestaShop versions 5.1.1 and earlier, consider disabling the HsAccessoriesGroupProductAbstract::getAccessoriesByIdProducts() method until a patch is available to prevent exploitation. Restrict access to sensitive information and limit privileges to minimize the risk of escalation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.