.. / CVE-2023-46347

Exploit for PrestaShop Step by Step products Pack - SQL Injection (CVE-2023-46347)

Description:

In the module “Step by Step products Pack” (ndk_steppingpack) up to 1.5.6 from NDK Design for PrestaShop, a guest can perform SQL injection in affected versions.

Nuclei Template

View the template here CVE-2023-46347.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2023/CVE-2023-46347.yaml
Copy

References:

https://nvd.nist.gov/vuln/detail/CVE-2023-46347
https://security.friendsofpresta.org/modules/2023/10/24/ndk_steppingpack.html
https://stack.chaitin.com/poc/detail/3977