CVE-2024-28393 | scalapay up to 1.2.41 on PrestaShop postProcess sql injection

Posted by Angelo Barbosa | Mar 25, 2024 | CVE

A vulnerability, which was classified as critical, was found in scalapay up to 1.2.41 on PrestaShop. This affects the function ScalapayReturnModuleFrontController::postProcess. The manipulation leads to sql injection.

This vulnerability is uniquely identified as CVE-2024-28393. It is possible to initiate the attack remotely. There is no exploit available.

CVE-2024-28393 | scalapay up to 1.2.41 on PrestaShop postProcess sql injection

Related Posts

CVE-2024-9356 | Yotpo Plugin up to 1.7.8 on WordPress cross site scripting

CVE-2024-43823 | Linux Kernel up to 6.1.102/6.6.43/6.10.2 keystone ks_pcie_setup_rc_app_regs null pointer dereference

CVE-2024-21038 | Oracle Complex Maintenance, Repair, and Overhaul up to 12.2.13 LOV Remote Code Execution

CVE-2024-28589 | Axigen Mail Server up to 10.5.18 on Windows uncontrolled search path