Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-25843

In the module "Import/Update Bulk Product from any Csv/Excel File Pro" (ba_importer) up to version 1.1.28 from Buy Addons for PrestaShop, a guest can perform SQL injection in affected versions.

Published

2024-02-27T17:15:12.243

Last Modified

2025-05-15T21:09:26.483

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

Weaknesses

Type: Secondary
CWE-89

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	prestashop	import\/update_bulk_product	< 1.1.29	Yes

References

https://addons.prestashop.com/en/data-import-export/20579-import-update-bulk-product-from-any-csv-excel-file-pro.html Product ([email protected])
https://security.friendsofpresta.org/modules/2024/02/27/ba_importer.html Patch, Third Party Advisory ([email protected])
https://addons.prestashop.com/en/data-import-export/20579-import-update-bulk-product-from-any-csv-excel-file-pro.html Product (af854a3a-2127-422b-91ae-364da2661108)
https://security.friendsofpresta.org/modules/2024/02/27/ba_importer.html Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)