CVE-2024-25849 | Make an Offer Module up to 1.7.1 on PrestaShop addUserOffer sql injection

CVE-2024-25849 | Make an Offer Module up to 1.7.1 on PrestaShop addUserOffer sql injection

A vulnerability was found in Make an Offer Module up to 1.7.1 on PrestaShop. It has been rated as critical. Affected by this issue is the function MakeOffers::checkUserExistingOffer/MakeOffers::addUserOffer. The manipulation leads to sql injection. This vulnerability is handled as CVE-2024-25849. Access to the local network is required for this attack to succeed. There is no exploit available.