CVE-2023-34575

Critical · CVSS 9.8

PrestaShop opartsavecart — SQL Injection

CVSS: 9.8; nvd
EPSS: 0.27%; 51th pct
KEV: No
Class: other; CWE-89

Description

SQL injection vulnerability in PrestaShop opartsavecart through 2.0.7 allows remote attackers to run arbitrary SQL commands via OpartSaveCartDefaultModuleFrontController::initContent() and OpartSaveCartDefaultModuleFrontController::displayAjaxSendCartByEmail() methods.

Search profile — drives PoC discovery

Symbols OpartSaveCartDefaultModuleFrontControllerinitContentdisplayAjaxSendCartByEmailopartsavecart

Keywords CVE-2023-34575opartsavecartPrestaShopSQL injectionOpartSaveCartDefaultModuleFrontControllerinitContentdisplayAjaxSendCartByEmailopart save cartPrestaShop module SQLi

Versions: <=2.0.7

References

https://security.friendsofpresta.org/modules/2023/09/19/opartsavecart.html
https://security.friendsofpresta.org/modules/2023/09/19/opartsavecart.html

Status: enriched · ingested 2026-06-12T18:00:30.000Z · profiled 2026-06-16T18:19:23.017Z