Uncovering Critical SQL Injection Vulnerability (CVE-2023-51210) in Prestashop Plugin Bundle Product | Pack Products

Nasir Khan
Jan 5, 2024


Hey folks,

We’ve got an important heads-up for users of the Bundle Product | Product Pack plugin on Prestashop (Version 6.0.1). A serious problem has been discovered, and it’s officially known as CVE-2023-51210. This is a techy way of saying there’s a big issue that needs fixing ASAP.

What is Bundle Product | Pack Products?

For those seeking a comprehensive solution to enhance the product management capabilities of their Prestashop e-commerce platform, the Bundle Product | Product Pack plugin stands as a formidable choice. Developed to streamline and optimize the process of creating bundled product offerings, this plugin empowers users with a user-friendly interface, allowing for the creation of product packages tailored to their unique business needs.

What’s the problem?

The trouble is hiding in the plugin’s code, particularly in something called the updateProductQuantity function. When the plugin handles input that comes from the user, it doesn’t validate it properly before using it in a database query. This lets bad actors inject tricky database commands, giving them access they shouldn’t have. Imagine someone getting into your secret stuff and changing things — not cool!
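To make the bug class concrete, here is an added illustration of what an unsafe quantity-update routine looks like next to a hardened one. This is not the plugin’s code and not the actual vulnerable function; the table name, column names, sample rows and function names are all made up for the demo, and an in-memory SQLite database stands in for the shop’s MySQL so it runs offline with stock PHP (pdo_sqlite).

```php
<?php
// Added illustration (not the plugin's own code): a quantity update built by
// string concatenation, beside a hardened version that validates types and
// binds parameters. Table, columns and sample rows are constructed for the demo.
declare(strict_types=1);

function makeDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE pack_item (id_pack INTEGER, id_product INTEGER, quantity INTEGER)');
    // Constructed sample data: pack 1 holds products 10 and 11, pack 2 holds product 12.
    $db->exec('INSERT INTO pack_item VALUES (1, 10, 1), (1, 11, 2), (2, 12, 5)');
    return $db;
}

// VULNERABLE PATTERN: untrusted request values are spliced straight into the
// SQL text, so whatever the client sends becomes part of the statement.
function updateProductQuantityVulnerable(PDO $db, string $idPack, string $idProduct, string $qty): int
{
    $sql = "UPDATE pack_item SET quantity = $qty WHERE id_pack = $idPack AND id_product = $idProduct";
    return $db->exec($sql); // rows affected
}

// HARDENED PATTERN: every value must be a plain non-negative integer, and the
// query is a prepared statement so bound values can never be parsed as SQL.
function updateProductQuantityHardened(PDO $db, string $idPack, string $idProduct, string $qty): int
{
    foreach (['id_pack' => $idPack, 'id_product' => $idProduct, 'quantity' => $qty] as $name => $value) {
        if (!ctype_digit($value)) {
            throw new InvalidArgumentException("$name must be a non-negative integer");
        }
    }
    $stmt = $db->prepare('UPDATE pack_item SET quantity = :qty WHERE id_pack = :pack AND id_product = :prod');
    $stmt->execute([':qty' => (int) $qty, ':pack' => (int) $idPack, ':prod' => (int) $idProduct]);
    return $stmt->rowCount();
}

// Runs both versions against well-formed and malformed input and reports the
// number of rows each one touched (or the rejection), so the difference is visible.
function demo(): array
{
    $db = makeDb();
    $out = [];

    // Well-formed input: both versions change exactly the one intended row.
    $out['vulnerable_ok'] = updateProductQuantityVulnerable($db, '1', '10', '3');
    $out['hardened_ok']   = updateProductQuantityHardened($db, '1', '10', '4');

    // Malformed input: a pack id that is not a number. The concatenating version
    // still runs it and ends up touching more rows than the caller meant (2 here);
    // the hardened version refuses it before any SQL is executed.
    $bad = '1 OR 1=1';
    $out['vulnerable_bad'] = updateProductQuantityVulnerable($db, $bad, '10', '9');
    try {
        updateProductQuantityHardened($db, $bad, '10', '9');
        $out['hardened_bad'] = 'executed';
    } catch (InvalidArgumentException $e) {
        $out['hardened_bad'] = 'rejected: ' . $e->getMessage();
    }
    return $out;
}

var_export(demo());
```

In a real PrestaShop module the same discipline applies with the framework’s own helpers: cast identifiers and quantities with `(int)` (and pass strings through `pSQL()`) before they reach `Db::getInstance()`, so that a request parameter can never change the shape of the query.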

How can it affect you?

This isn’t a small problem. It could mess up how your Prestashop works and put your info at risk. Bad guys might sneak in, grab private customer details, or mess with your product info. It’s a big deal.

What should you do?

  1. Update, Update, Update: Get the latest version of the Bundle Product | Product Pack plugin. The smart folks who make these things already fixed it in version 6.1.0.
  2. Keep an Eye Out: Check your system logs for anything fishy. If something seems off, take action. Stay vigilant!
  3. Tell the Developers: Give a nudge to the people who made or manage your website. They need to know about this so they can keep everything safe.

In a nutshell, take this seriously. Keep your plugins up to date, add a bit of extra protection, and keep an eye on things. Together, we can show these online troublemakers they’re not welcome!

Discovered by:
Nasir Khan / Touseef Gul

Stay safe out there!
