CVE-2023-45387 Information

Description

In the module \Product Catalog (CSV Excel XML) Export PRO\ (exportproducts) in versions up to 5.0.0 from MyPrestaModules for PrestaShop a guest can perform SQL injection via exportProduct::_addDataToDb().

Reference

https://addons.prestashop.com/en/data-import-export/18662-product-catalog-csv-excel-xml-export-pro.html https://security.friendsofpresta.org/modules/2023/11/16/exportproducts.html