Vulnerability CVE-2023-50030


Published: 2024-01-19

Description:
In the module "Jms Setting" (jmssetting) from Joommasters for PrestaShop, a guest can perform SQL injection in versions <= 1.1.0. The method `JmsSetting::getSecondImgs()` contains a sensitive SQL call that can be reached with a trivial HTTP request and exploited to perform a blind SQL injection.

References:
https://www.joommasters.com/
https://security.friendsofpresta.org/modules/2024/01/16/jmssetting.html

Copyright 2026, cxsecurity.com

 
