CVE-2024-25847 | MyPrestaModules Product Catalog Import Module up to 6.5.0 on PrestaShop _addDataToDb sql injection

Posted by Angelo Barbosa | Mar 3, 2024 | CVE

A vulnerability, which was classified as critical, was found in MyPrestaModules Product Catalog Import Module up to 6.5.0 on PrestaShop. Affected is the function Send::__construct/importProducts::_addDataToDb. The manipulation leads to sql injection.

This vulnerability is traded as CVE-2024-25847. Access to the local network is required for this attack to succeed. There is no exploit available.

CVE-2024-25847 | MyPrestaModules Product Catalog Import Module up to 6.5.0 on PrestaShop _addDataToDb sql injection

Related Posts

CVE-2024-11114 | Google Chrome up to 130.0.6723.116 on Windows Views sandbox

CVE-2024-7737 | Dassault Systèmes 3DSwymer up to R2024x cross site scripting

CVE-2024-36010 | Linux Kernel prior 6.8 igb_main.c igb_set_fw_version allocation of resources (c56d055893cb)

CVE-2023-50246 | jq 1.7 buffer overflow (GHSA-686w-5m7m-54vc)