CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2024-25849

In the module "Make an offer" (makeanoffer) <= 1.7.1 from PrestaToolKit for PrestaShop, a guest can perform SQL injection via MakeOffers::checkUserExistingOffer()` and `MakeOffers::addUserOffer()` .

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 24.8%

CVSS Severity

CVSS v3 Score 9.8

References

https://addons.prestashop.com/en/price-management/19507-make-an-offer.html
https://security.friendsofpresta.org/modules/2024/03/05/makeanoffer.html
https://addons.prestashop.com/en/price-management/19507-make-an-offer.html
https://security.friendsofpresta.org/modules/2024/03/05/makeanoffer.html

Products affected by CVE-2024-25849

Prestatoolkit » Make An Offer/offer Your Price » Version: Any

cpe:2.3:a:prestatoolkit:make_an_offer/offer_your_price:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-25849

Products

Pricing

Contact Us