CVE-2024-25848

In the module "Ever Ultimate SEO" (everpsseo) <= 8.1.2 from Team Ever for PrestaShop, a guest can perform SQL injection in affected versions.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.9 MEDIUM
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
mitreCNA
---
---
CISA-ADPADP
5.9 MEDIUM
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 5%
VendorProductVersion
team-everseo
𝑥
≤ 8.1.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://addons.prestashop.com/fr/seo-referencement-naturel/39489-ever-ultimate-seo.html
https://security.friendsofpresta.org/modules/2024/03/05/everpsseo.html
https://www.team-ever.com/prestashop-ever-ultimate-seo/
https://addons.prestashop.com/fr/seo-referencement-naturel/39489-ever-ultimate-seo.html
https://security.friendsofpresta.org/modules/2024/03/05/everpsseo.html
https://www.team-ever.com/prestashop-ever-ultimate-seo/