CVE-2023-43986 Information

Description

DM Concept configurator before v4.9.4 was discovered to contain a SQL injection vulnerability via the component ConfiguratorAttachment::getAttachmentByToken.

Reference

https://security.friendsofpresta.org/modules/2023/10/19/configurator.html https://addons.prestashop.com/fr/declinaisons-personnalisation/20343-configurateur-avance-de-produit-sur-mesure-par-etape.html