CVE-2023-40922 Information

Description

kerawen before v2.5.1 was discovered to contain a SQL injection vulnerability via the ocs_id_cart parameter at KerawenDeliveryModuleFrontController::initContent().

Reference

https://security.friendsofpresta.org/modules/2023/11/02/kerawen.html