MidnightBSD

Advisories for prestatoolkit

CVE-2024-25849

In the module "Make an offer" (makeanoffer) <= 1.7.1 from PrestaToolKit for PrestaShop, a guest can perform SQL injection via MakeOffers::checkUserExistingOffer()` and `MakeOffers::addUserOffer()` .

Products Affected

Vendor Product Version
prestatoolkit make_an_offer/offer_your_price *