CVE-2024-34989

State: PUBLISHED · Published: 2024-06-21 · Updated: 2024-08-02 · Assigner: mitre

Description

In the module RSI PDF/HTML catalog evolution (prestapdf) <= 7.0.0 from RSI for PrestaShop, a guest can perform SQL injection via `PrestaPDFProductListModuleFrontController::queryDb().'

CWE

CWE-89 — CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Affected

n/a / n/a — v=n/a [affected]

CVSS

(none)

References

https://security.friendsofpresta.org/modules/2024/06/20/prestapdf.html

Source

cvelistV5-main/cves/2024/34xxx/CVE-2024-34989.json