CVE-2024-36683

HIGH NUCLEI

Smart Modules for PrestaShop <1.7.4 - SQL Injection

Title source: llm

Exploitation Summary

CVE-2024-36683 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.

Description

SQL injection vulnerability in the module "Products Alert" (productsalert) before 1.7.4 from Smart Modules for PrestaShop allows attackers to obtain sensitive information and cause other impacts via the ProductsAlertAjaxProcessModuleFrontController::initContent method.

Nuclei Templates (1)

PrestaShop productsalert - SQL Injection

CRITICALVERIFIEDby mastercho

Shodan: html:"/productsalert"

FOFA: body="/productsalert"

References (1)

Core 1

Core References

Various Sources

https://security.friendsofpresta.org/modules/2024/06/20/productsalert.html

Scores

CVSS v3 7.3

EPSS 0.0096

EPSS Percentile 56.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-89

Status published

Published Jun 24, 2024

Tracked Since Feb 18, 2026