-
[CVE-2023-46352] Exposure of Private Personal Information to an Unauthorized Actor in Smart Modules - Pixel Plus: Events + CAPI + Pixel Catalog for Facebook module for PrestaShop
In the module “Pixel Plus: Events + CAPI + Pixel Catalog for Facebook” (facebookconversiontrackingplus) up to version 2.4.8 from Smart Modules for PrestaShop, a guest can download personal information without restriction.
-
[CVE-2023-44025] Improper neutralization of SQL parameter in Addify - Free Gifts module for PrestaShop
In the module “Free Gifts” (addifyfreegifts) up to version 1.0.2 from Addify for PrestaShop, a guest can perform SQL injection in affected versions.
-
[CVE-2023-45899] Improper Access Control in the superuser module edited by idnovate for PrestaShop
The module “idnovate” for PrestaShop incorrectly restricts access to the “connect as” feature in versions >= 2.3.5 and < 2.4.2, which lets an attacker connect as any customer account. Release 2.4.2 fixed this security issue.
-
[CVE-2023-45378] Improper neutralization of SQL parameter in HDclic - PrestaBlog module for PrestaShop
In the module “PrestaBlog” (prestablog) up to version 4.4.7 from HDclic for PrestaShop, a guest can perform SQL injection in affected versions.
-
[CVE-2023-46356] Improper neutralization of SQL parameter in Bl Modules - CSV Feeds PRO module for PrestaShop
In the module “CSV Feeds PRO” (csvfeeds) up to version 2.5.2 from Bl Modules for PrestaShop, a guest can perform SQL injection in affected versions.
-
[CVE-2023-27846] Improper neutralization of SQL parameter in tvcmsblog module by themevolty for PrestaShop
In tvcmsblog, a dependency of the theme Electron edited by Themevolty for PrestaShop, an attacker can perform a blind SQL injection.
-
[CVE-2023-36263] Improper neutralization of SQL parameter in Opart limit quantity for PrestaShop
In the module “Opart limit quantity” (opartlimitquantity), a guest can perform SQL injection in affected versions.
-
[CVE-2023-43139] Improper Neutralization of Special Elements used in an OS Command in the Franfinance module for PrestaShop
The PrestaShop e-commerce platform module Franfinance contains a vulnerability that lets an attacker inject malware in releases published before 2019.
-
[CVE-2023-46358] Improper neutralization of SQL parameter in Snegurka - Referral and Affiliation Program module for PrestaShop
In the module “Referral and Affiliation Program” (referralbyphone) up to 3.5.1 (all versions - see WARNING) from Snegurka for PrestaShop, a guest can perform SQL injection in affected versions.
-
[CVE-2023-46347] Improper neutralization of SQL parameter in NDK Design - Step by Step products Pack module for PrestaShop
In the module “Step by Step products Pack” (ndk_steppingpack) up to 1.5.6 from NDK Design for PrestaShop, a guest can perform SQL injection in affected versions.