Filtered by vendor Myprestamodules
Subscribe
Total
6 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-46357 | 1 Myprestamodules | 1 Cross Selling In Modal Cart | 2024-11-21 | N/A | 9.8 CRITICAL |
| In the module "Cross Selling in Modal Cart" (motivationsale) < 3.5.0 from MyPrestaModules for PrestaShop, a guest can perform SQL injection. The method `motivationsaleDataModel::getProductsByIds()` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection. | |||||
| CVE-2023-46349 | 1 Myprestamodules | 1 Updateproducts | 2024-11-21 | N/A | 9.8 CRITICAL |
| In the module "Product Catalog (CSV, Excel) Export/Update" (updateproducts) < 3.8.5 from MyPrestaModules for PrestaShop, a guest can perform SQL injection. The method `productsUpdateModel::getExportIds()` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection. | |||||
| CVE-2023-46346 | 1 Myprestamodules | 1 Exportproducts | 2024-11-21 | N/A | 7.5 HIGH |
| In the module "Product Catalog (CSV, Excel, XML) Export PRO" (exportproducts) in versions up to 4.1.1 from MyPrestaModules for PrestaShop, a guest can download personal information without restriction by performing a path traversal attack. Due to a lack of permissions control and a lack of control in the path name construction, a guest can perform a path traversal to view all files on the information system. | |||||
| CVE-2023-45387 | 1 Myprestamodules | 1 Exportproducts | 2024-11-21 | N/A | 9.8 CRITICAL |
| In the module "Product Catalog (CSV, Excel, XML) Export PRO" (exportproducts) in versions up to 5.0.0 from MyPrestaModules for PrestaShop, a guest can perform SQL injection via `exportProduct::_addDataToDb().` | |||||
| CVE-2023-40923 | 1 Myprestamodules | 1 Orders \(csv\, Excel\) Export | 2024-11-21 | N/A | 8.8 HIGH |
| MyPrestaModules ordersexport before v5.0 was discovered to contain multiple SQL injection vulnerabilities at send.php via the key and save_setting parameters. | |||||
| CVE-2023-26858 | 1 Myprestamodules | 1 Frequently Asked Questions Page | 2024-11-21 | N/A | 9.8 CRITICAL |
| SQL injection vulnerability found in PrestaSHp faqs v.3.1.6 allows a remote attacker to escalate privileges via the faqsBudgetModuleFrontController::displayAjaxGenerateBudget component. | |||||