PT-2024-20346 · Prestashop · Hipresta Gift Wrapping Pro

Published: 2024-02-07 · Updated: 2024-08-23 · CVE-2024-24303

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

HiPresta Gift Wrapping Pro module for PrestaShop versions prior to 1.4.1

Description

A SQL injection vulnerability in the HiAdvancedGiftWrappingGiftWrappingModuleFrontController::addGiftWrappingCartValue() method allows remote attackers to escalate privileges and obtain sensitive information.

Recommendations

For versions prior to 1.4.1, update to version 1.4.1 or later to resolve the issue. As a temporary workaround, consider disabling the HiAdvancedGiftWrappingGiftWrappingModuleFrontController::addGiftWrappingCartValue() method until a patch is available.

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2024-24303

Affected Products

Hipresta Gift Wrapping Pro