CVE-2024-25847 | MyPrestaModules Product Catalog Import Module up to 6.5.0 on PrestaShop _addDataToDb sql injection

CVE-2024-25847 | MyPrestaModules Product Catalog Import Module up to 6.5.0 on PrestaShop _addDataToDb sql injection

A vulnerability, which was classified as critical, was found in MyPrestaModules Product Catalog Import Module up to 6.5.0 on PrestaShop. Affected is the function Send::__construct/importProducts::_addDataToDb. The manipulation leads to sql injection. This vulnerability is traded as CVE-2024-25847. Access to the local network is required for this attack to succeed. There is no exploit available.