Vulnerability Details CVE-2024-28395
SQL injection vulnerability in Best-Kit bestkit_popup v.1.7.2 and before allows a remote attacker to escalate privileges via the bestkit_popup.php component.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 52.3%
CVSS Severity
CVSS v3 Score 9.8
References
- https://addons.prestashop.com/en/pop-up/20208-pop-up-schedule-popup-splash-window.html
- https://security.friendsofpresta.org/modules/2024/03/14/bestkit_popup.html
- https://addons.prestashop.com/en/pop-up/20208-pop-up-schedule-popup-splash-window.html
- https://security.friendsofpresta.org/modules/2024/03/14/bestkit_popup.html
Products affected by CVE-2024-28395
-
cpe:2.3:a:best-kit:bestkit_popup:*