CVE-2024-36684

Name of the Vulnerable Software and Affected Versions PrestaShop module "Custom links" (pk customlinks) versions prior to 2.3

Description The issue allows a guest to perform SQL injection in the "Custom links" module. Specifically, the script ajax.php contains a sensitive SQL call that can be executed and exploited with a trivial HTTP call to forge a SQL injection.

Recommendations For versions prior to 2.3, update the "Custom links" module to a version that contains a fix for this issue. As a temporary workaround, consider restricting access to the ajax.php script to minimize the risk of exploitation.