In the module "CD Custom Fields 4 Orders" (cdcustomfields4orders) <= 1.0.0 from Cleanpresta.com for PrestaShop, a guest can perform SQL injection in affected versions.
References
| Link | Resource |
|---|---|
| https://security.friendsofpresta.org/modules/2024/03/05/cdcustomfields4orders.html | Patch Third Party Advisory |
| https://www.cleanpresta.com | Broken Link |
| https://security.friendsofpresta.org/modules/2024/03/05/cdcustomfields4orders.html | Patch Third Party Advisory |
| https://www.cleanpresta.com | Broken Link |
Configurations
History
05 May 2025, 15:02
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://security.friendsofpresta.org/modules/2024/03/05/cdcustomfields4orders.html - Patch, Third Party Advisory | |
| References | () https://www.cleanpresta.com - Broken Link | |
| CPE | cpe:2.3:a:cleanpresta:cd_custom_fields_4_orders:*:*:*:*:*:prestashop:*:* | |
| First Time |
Cleanpresta cd Custom Fields 4 Orders
Cleanpresta |
21 Nov 2024, 09:01
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://security.friendsofpresta.org/modules/2024/03/05/cdcustomfields4orders.html - | |
| References | () https://www.cleanpresta.com - |
27 Aug 2024, 20:35
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-89 | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
08 Mar 2024, 14:02
| Type | Values Removed | Values Added |
|---|---|---|
| Summary |
|
08 Mar 2024, 02:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2024-03-08 02:15
Updated : 2025-05-05 15:02
NVD link : CVE-2024-25845
Mitre link : CVE-2024-25845
CVE.ORG link : CVE-2024-25845
JSON object : View
Products Affected
cleanpresta
- cd_custom_fields_4_orders
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')