CVE-2024-33275

2024-04-3015:15:53

[email protected]

web.nvd.nist.gov

cve-2024-33275

sql injection

webbax supernewsletter

privilege escalation

super newsletter module

product_search.php

8.2 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

SQL injection vulnerability in Webbax supernewsletter v.1.4.21 and before allows a remote attacker to escalate privileges via the Super Newsletter module in the product_search.php components.

References

security.friendsofpresta.org/modules/2024/04/29/supernewsletter.html

www.webbax.ch/2017/08/30/9-modules-prestashop-gratuits-offert-par-webbax/