CVE-2024-28391 Information

Description

SQL injection vulnerability in FME Modules quickproducttable module for PrestaShop v.1.2.1 and before allows a remote attacker to escalate privileges and obtain information via the readCsv() displayAjaxProductChangeAttr displayAjaxProductAddToCart getSearchProducts and displayAjaxProductSku methods.

Reference

https://security.friendsofpresta.org/modules/2024/03/12/quickproducttable.html