CVE-2024-36678
- Reference to the description:
- Description:
- In the module "Theme settings" (pk_themesettings) <= 1.8.8 from Promokit.eu for PrestaShop, a guest can perform SQL injection. The script ajax.php have a sensitive SQL call that can be executed with a trivial http call and exploited to forge a SQL injection.
- Last updated date:
- 08/08/2024
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 08/08/2024
- Reference url to background
https://security.friendsofpresta.org/modules/2024/06/18/pk_themesettings.html