CVE-2023-46358 Information

Description

In the module \Referral and Affiliation Program\ (referralbyphone) version 3.5.1 and before from Snegurka for PrestaShop a guest can perform SQL injection. Method ReferralByPhoneDefaultModuleFrontController::ajaxProcessCartRuleValidate has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection.

Reference

https://security.friendsofpresta.org/modules/2023/10/24/referralbyphone.html