CVE-2024-28388 Information

Description

SQL injection vulnerability in SunnyToo stproductcomments module for PrestaShop v.1.0.5 and before allows a remote attacker to escalate privileges and obtain sensitive information via the StProductCommentClass::getListcomments method.

Reference

https://security.friendsofpresta.org/modules/2024/03/12/stproductcomments.html