Lucene search
HistoryJun 19, 2024 - 9:15 p.m.
CVE-2024-36680
facebook module
sql injection
promokit.eu
prestashop
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
0
Percentile
9.0%
In the module “Facebook” (pkfacebook) <=1.0.1 from Promokit.eu for PrestaShop, a guest can perform SQL injection. The ajax script facebookConnect.php have a sensitive SQL call that can be executed with a trivial http call and exploited to forge a SQL injection.
Related
cvelist
cvelist
CVE-2024-36680
2024-06-19 00:00:00
vulnrichment
vulnrichment
CVE-2024-36680
2024-06-19 00:00:00
cve
cve
CVE-2024-36680
2024-06-19 21:15:57
wallarmlab
wallarmlab
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
0
Percentile
9.0%
Related for NVD:CVE-2024-36680