PT-2024-27127 · Prestashop · Products Alert

Published: 2024-06-24 · Updated: 2024-11-14 · CVE-2024-36683

CVSS v3.1: 7.3 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions

PrestaShop module "Products Alert" (productsalert) versions prior to 1.7.4

Description

The issue allows attackers to obtain sensitive information and cause other impacts via the ProductsAlertAjaxProcessModuleFrontController::initContent method. This method is vulnerable to SQL injection attacks.

Recommendations

For PrestaShop module "Products Alert" (productsalert) versions prior to 1.7.4, update to version 1.7.4 or later to resolve the issue. As a temporary workaround, consider disabling the ProductsAlertAjaxProcessModuleFrontController::initContent method until a patch is available.

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2024-36683

Affected Products

Products Alert