In the module "Custom links" (pk_customlinks) <= 2.3 from Promokit.eu for PrestaShop, a guest can perform SQL injection. The script ajax.php have a sensitive SQL call that can be executed with a trivial http call and exploited to forge a SQL injection.
Metrics
Affected Vendors & Products
References
History
Mon, 19 Aug 2024 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Prestashop
Prestashop pk Customlinks |
|
CPEs | cpe:2.3:a:prestashop:pk_customlinks:*:*:*:*:*:*:*:* | |
Vendors & Products |
Prestashop
Prestashop pk Customlinks |

Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2024-08-02T03:37:05.421Z
Reserved: 2024-05-30T00:00:00
Link: CVE-2024-36684

Updated: 2024-08-02T03:37:05.421Z

Status : Modified
Published: 2024-06-19T21:15:57.680
Modified: 2024-11-21T09:22:32.807
Link: CVE-2024-36684

No data.