CVE-2023-36263
Critical · CVSS 9.8Prestashop opartlimitquantity — SQL Injection
- CVSS
- 9.8
- nvd
- EPSS
- 0.05%
- 16th pct
- KEV
- No
- Class
- other
- CWE-89, CWE-89
Description
Prestashop opartlimitquantity 1.4.5 and before is vulnerable to SQL Injection. OpartlimitquantityAlertlimitModuleFrontController::displayAjaxPushAlertMessage()` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection.
Search profile — drives PoC discovery
Symbols OpartlimitquantityAlertlimitModuleFrontControllerdisplayAjaxPushAlertMessageopartlimitquantity
Keywords CVE-2023-36263opartlimitquantitySQL InjectionPrestashopdisplayAjaxPushAlertMessageOpartlimitquantityAlertlimitModuleFrontControlleropartlimitquantity exploitPrestashop module SQLi
Versions: <=1.4.5
Candidate PoCs (1) — discovered, not yet vetted or ranked
- ARPSyndicate/cve-scores★ 0trickest
Recall-favoring discovery (nomi-sec + trickest). Vetting + ranking is the Stage-4 scorer.
References
Status: enriched · ingested 2026-06-12T18:00:30.000Z · profiled 2026-06-16T18:19:23.017Z