CVE-2024-36679 Information

Description

In the module \Module Live Chat Pro (All in One Messaging)\ (livechatpro) <=8.4.0 a guest can perform PHP Code injection. Due to a predictable token the method Lcp::saveTranslations() suffer of a white writer that can inject PHP code into a PHP file.

Reference

https://security.friendsofpresta.org/modules/2024/06/18/livechatpro.html