Vulnerability CVE-2024-25849


Published: 2024-03-08

Description:
In the module "Make an offer" (makeanoffer) <= 1.7.1 from PrestaToolKit for PrestaShop, a guest can perform SQL injection via MakeOffers::checkUserExistingOffer()` and `MakeOffers::addUserOffer()` .

 References:
https://addons.prestashop.com/en/price-management/19507-make-an-offer.html
https://security.friendsofpresta.org/modules/2024/03/05/makeanoffer.html

Copyright 2026, cxsecurity.com

 

Back to Top