Vulnerability Details CVE-2024-25843
In the module "Import/Update Bulk Product from any Csv/Excel File Pro" (ba_importer) up to version 1.1.28 from Buy Addons for PrestaShop, a guest can perform SQL injection in affected versions.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 30.5%
CVSS Severity
CVSS v3 Score 9.8
References
- https://addons.prestashop.com/en/data-import-export/20579-import-update-bulk-product-from-any-csv-excel-file-pro.html
- https://security.friendsofpresta.org/modules/2024/02/27/ba_importer.html
- https://addons.prestashop.com/en/data-import-export/20579-import-update-bulk-product-from-any-csv-excel-file-pro.html
- https://security.friendsofpresta.org/modules/2024/02/27/ba_importer.html
Products affected by CVE-2024-25843
-
cpe:2.3:a:prestashop:import/update_bulk_product:*