CVE-2024-25845
Description
In the module "CD Custom Fields 4 Orders" (cdcustomfields4orders) <= 1.0.0 from Cleanpresta.com for PrestaShop, a guest can perform SQL injection in affected versions.
CWE
- CWE-89 — CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Affected
- n/a / n/a — v=n/a [affected]
CVSS
- (none)
References
- https://www.cleanpresta.com
- https://security.friendsofpresta.org/modules/2024/03/05/cdcustomfields4orders.html
Source
cvelistV5-main/cves/2024/25xxx/CVE-2024-25845.json