CVE-2024-36680

HIGH EXPLOITED

PrestaShop pkfacebook <=1.0.1 - SQL Injection

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2024-36680 has been observed exploited in the wild (reported by VulnCheck KEV).

Description

In the module "Facebook" (pkfacebook) <=1.0.1 from Promokit.eu for PrestaShop, a guest can perform SQL injection. The ajax script facebookConnect.php have a sensitive SQL call that can be executed with a trivial http call and exploited to forge a SQL injection.

References (1)

Core 1

Scores

CVSS v3 7.5
EPSS 0.1009
EPSS Percentile 95.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

VulnCheck KEV 2024-06-24
CWE
CWE-89
Status published
Published Jun 19, 2024
Tracked Since Feb 18, 2026