SQL injection vulnerability in FME Modules quickproducttable module for PrestaShop v.1.2.1 and before, allows a remote attacker to escalate privileges and obtain information via the readCsv(), displayAjaxProductChangeAttr, displayAjaxProductAddToCart, getSearchProducts, and displayAjaxProductSku methods.
References
| Link | Resource |
|---|---|
| https://security.friendsofpresta.org/modules/2024/03/12/quickproducttable.html | Patch Third Party Advisory |
| https://security.friendsofpresta.org/modules/2024/03/12/quickproducttable.html | Patch Third Party Advisory |
Configurations
History
10 Jun 2025, 16:25
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Fmemodules b2b Quick Order Form
Fmemodules |
|
| CPE | cpe:2.3:a:fmemodules:b2b_quick_order_form:*:*:*:*:*:prestashop:*:* | |
| References | () https://security.friendsofpresta.org/modules/2024/03/12/quickproducttable.html - Patch, Third Party Advisory |
10 Jun 2025, 16:08
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://security.friendsofpresta.org/modules/2024/03/12/quickproducttable.html - Third Party Advisory, Patch | |
| First Time |
Prestashop prestashop
Prestashop |
|
| CPE | cpe:2.3:a:prestashop:prestashop:*:*:*:*:*:*:*:* |
21 Nov 2024, 09:06
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://security.friendsofpresta.org/modules/2024/03/12/quickproducttable.html - |
01 Aug 2024, 13:49
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
| CWE | CWE-269 |
14 Mar 2024, 04:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2024-03-14 04:15
Updated : 2025-06-10 16:25
NVD link : CVE-2024-28391
Mitre link : CVE-2024-28391
CVE.ORG link : CVE-2024-28391
JSON object : View
Products Affected
fmemodules
- b2b_quick_order_form
CWE
CWE-269
Improper Privilege Management