PT-2024-22411 · Prestashop+1 · Fme Modules Quickproducttable Module+1

Published 2024-03-14 · Updated 2024-08-01 · CVE-2024-28391

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: FME Modules quickproducttable module for PrestaShop versions 1.2.1 and earlier

Description: The issue allows a remote attacker to escalate privileges and obtain information. This is achieved through the readCsv(), displayAjaxProductChangeAttr, displayAjaxProductAddToCart, getSearchProducts, and displayAjaxProductSku methods.

Recommendations: For versions 1.2.1 and earlier, update to a version that fixes this issue, as the current version allows for SQL injection attacks that can lead to privilege escalation and information disclosure. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Privilege Management

Weakness Enumeration

Related Identifiers

CVE-2024-28391

Affected Products

Fme Modules Quickproducttable Module
Prestashop