Secure peace of mind with Cyber Legion—Your Trusted Cybersecurity Partner.

Speak With a Security Expert

Elevate your cybersecurity posture with our expert and strategic security solutions

Experience the assurance of CREST Certified Penetration Testing services


In the module “Step by Step products Pack” (ndk_steppingpack) version 1.5.6 and before from NDK Design for PrestaShop, a guest can perform SQL injection. The method `NdkSpack::getPacks()` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection. (CVSS:9.8) (EPSS:0.08%) (Last Update:2023-11-01 19:18:48)   Latest security vulnerabilities (SQL Injection) (CVSS score >= 4) – Deprecated! See channel description 



More To Explore