Critical severity9.8NVD Advisory· Published Jun 19, 2024· Updated Jun 17, 2026
CVE-2024-36684
CVE-2024-36684
Description
In the module "Custom links" (pk_customlinks) <= 2.3 from Promokit.eu for PrestaShop, a guest can perform SQL injection. The script ajax.php have a sensitive SQL call that can be executed with a trivial http call and exploited to forge a SQL injection.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Promokit.eu/Custom links moduledescription
- Range: <=2.3
Patches
Vulnerability mechanics
References
1- security.friendsofpresta.org/modules/2024/06/18/pk_customlinks.htmlnvdVendor Advisory
News mentions
0No linked articles in our index yet.