In the module "Theme settings" (pk_themesettings) <= 1.8.8 from Promokit.eu for PrestaShop, a guest can perform SQL injection. The script ajax.php have a sensitive SQL call that can be executed with a trivial http call and exploited to forge a SQL injection.
History

Thu, 08 Aug 2024 21:15:00 +0000

Type Values Removed Values Added
First Time appeared Promokit
Promokit pk Themesettings
CPEs cpe:2.3:a:promokit:pk_themesettings:*:*:*:*:*:prestashop:*:*
Vendors & Products Promokit
Promokit pk Themesettings

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-06-19T00:00:00

Updated: 2024-08-02T03:37:05.375Z

Reserved: 2024-05-30T00:00:00

Link: CVE-2024-36678

cve-icon Vulnrichment

Updated: 2024-08-02T03:37:05.375Z

cve-icon NVD

Status : Modified

Published: 2024-06-19T21:15:57.363

Modified: 2024-11-21T09:22:31.520

Link: CVE-2024-36678

cve-icon Redhat

No data.