In the module "Theme settings" (pk_themesettings) <= 1.8.8 from Promokit.eu for PrestaShop, a guest can perform SQL injection. The script ajax.php have a sensitive SQL call that can be executed with a trivial http call and exploited to forge a SQL injection.
Metrics
Affected Vendors & Products
References
History
Thu, 08 Aug 2024 21:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Promokit
Promokit pk Themesettings |
|
CPEs | cpe:2.3:a:promokit:pk_themesettings:*:*:*:*:*:prestashop:*:* | |
Vendors & Products |
Promokit
Promokit pk Themesettings |
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2024-06-19T00:00:00
Updated: 2024-08-02T03:37:05.375Z
Reserved: 2024-05-30T00:00:00
Link: CVE-2024-36678
Vulnrichment
Updated: 2024-08-02T03:37:05.375Z
NVD
Status : Modified
Published: 2024-06-19T21:15:57.363
Modified: 2024-11-21T09:22:31.520
Link: CVE-2024-36678
Redhat
No data.