CVE-2023-34576

Critical · CVSS 9.8

PrestaShop opartfaq — SQL Injection

CVSS: 9.8; nvd
EPSS: 0.22%; 44th pct
KEV: No
Class: other; CWE-89

Description

SQL injection vulnerability in updatepos.php in PrestaShop opartfaq through 1.0.3 allows remote attackers to run arbitrary SQL commands via unspedified vector.

Search profile — drives PoC discovery

Symbols updatepos.phpopartfaqopartfaq module

Keywords CVE-2023-34576opartfaqPrestaShop SQL injectionupdatepos.phpopartfaq SQLiPrestaShop opartfaq PoC

Versions: <= 1.0.3

References

https://security.friendsofpresta.org/modules/2023/09/19/opartfaq.html
https://security.friendsofpresta.org/modules/2023/09/19/opartfaq.html

Status: enriched · ingested 2026-06-12T18:00:30.000Z · profiled 2026-06-16T18:19:23.017Z