CVE-2024-36683

HIGH NUCLEI

Smart Modules for PrestaShop <1.7.4 - SQL Injection

Title source: llm

Description

SQL injection vulnerability in the module "Products Alert" (productsalert) before 1.7.4 from Smart Modules for PrestaShop allows attackers to obtain sensitive information and cause other impacts via the ProductsAlertAjaxProcessModuleFrontController::initContent method.

Nuclei Templates (1)

PrestaShop productsalert - SQL Injection

CRITICALVERIFIEDby mastercho

Shodan: html:"/productsalert"

FOFA: body="/productsalert"

References (1)

[Various Sources] https://security.friendsofpresta.org/modules/2024/06/20/productsalert.html

Scores

CVSS v3 7.3

EPSS 0.0100

EPSS Percentile 77.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Details

CWE

CWE-89

Status published

Published Jun 24, 2024

Tracked Since Feb 18, 2026