CVE-2023-50030 Information

Description

In the module \Jms Setting\ (jmssetting) from Joommasters for PrestaShop a guest can perform SQL injection in versions <= 1.1.0. The method JmsSetting::getSecondImgs() has a sensitive SQL call that can be executed with a trivial http call and exploited to forge a blind SQL injection.

Reference

https://www.joommasters.com/ https://security.friendsofpresta.org/modules/2024/01/16/jmssetting.html