CNNVD-202506-1692 Information

Jun 12, 2025 cve

CNNVD ID

CNNVD-202506-1692

CVE-2023-45256

CNNVD Published: 2025-06-12

Description (Chinese)

PrestaShop EuroInformation MoneticoPaiement是法国PrestaShop公司的一款用于将 Monetico/CIC/Créditxa0Mutuel 支付网关集成到 PrestaShop 的插件。 PrestaShop EuroInformation MoneticoPaiement 1.1.1之前版本存在安全漏洞，该漏洞源于transaction.php、validation.php和callback.php文件中参数TPE、societe、MAC、reference或aliascb未经验证，可能导致SQL注入攻击。

Description (English)

PrestaShop EuroInformation MonacoPaiement is a French company PrestaShop’s plugin for the integration of the Monetico/CIC/Créditxa0Mutuel payment gateway into PrestaShop. Prior to PrestaShop.EuroInformation MonacoPaiment 1.1.1, there was a security loophole, which originated from the parameters TPE, societe, MAC, reference or liascb in the transport.php, validation.php and Callback.php files, which could have resulted in an unverified SQL injection attack.

Hazard Level

Low

Vulnerability Type

其他

Affected Vendor

PrestaShop

Published

2025-06-12

Last Modified

2026-02-24

References

https://security.friendsofpresta.org/modules/2025/06/10/MoneticoPaiement.html https://www.monetico-paiement.fr/fr/installer/telechargements/kit_telechargeable.aspx?_tabi=I0&_pid=ValidateLicencePage https://nvd.nist.gov/vuln/detail/CVE-2023-45256

Patch

https://www.monetico-paiement.fr/fr/installer/telechargements/kit_telechargeable.aspx?_tabi=I0&_pid=ValidateLicencePage

Share on: