-
[CVE-2023-46346] Improper Limitation of a Pathname to a Restricted Directory in MyPrestaModules - Product Catalog (CSV, Excel, XML) Export PRO module for PrestaShop
In the module “Product Catalog (CSV, Excel, XML) Export PRO” (exportproducts) up to 4.1.1 from MyPrestaModules for PrestaShop, a guest can download personal information without restriction by performing a path traversal attack.
-
[CVE-2023-45376] Improper neutralization of SQL parameter in HiPresta - Carousels Pack - Instagram, Products, Brands, Supplier module for PrestaShop
In the module “Carousels Pack - Instagram, Products, Brands, Supplier” (hicarouselspack) up to version 1.5.0 from HiPresta for PrestaShop, a guest can perform SQL injection in affected versions.
-
[CVE-2023-45381] Improper neutralization of SQL parameter in WebshopWorks Creative Popup module for PrestaShop
In the module “Creative Popup” (creativepopup) up to version 1.6.9 from WebshopWorks for PrestaShop, a guest can perform SQL injection in affected versions.
-
[CVE-2023-43986] Improper neutralization of SQL parameter in DM Concept - Advanced configurator for customized product module for PrestaShop
In the module “Advanced configurator for customized product” (configurator) up to version 4.9.3 from DM Concept for PrestaShop, a guest can perform SQL injection in affected versions.
-
[CVE-2023-45384] Unrestricted Upload of File with Dangerous Type in KnowBand - One Page Checkout, Social Login & Mailchimp module for PrestaShop
In the module “Module One Page Checkout, Social Login & Mailchimp” (supercheckout) up to version 6.0.6 from KnowBand for PrestaShop, a guest can upload dangerous files with the .php extension.
-
[CVE-2023-45383] Improper Limitation of a Pathname to a Restricted Directory in Common-Services - SoNice Etiquetage module for PrestaShop
In the module “SoNice Etiquetage” (sonice_etiquetage) up to version 2.5.9 from Common-Services for PrestaShop, a guest can download personal information without restriction by performing a path traversal attack.
-
[CVE-2023-45379] Improper neutralization of SQL parameter in Posthemes Rotator Img module for PrestaShop
In the module “Rotator Img” (posrotatorimg) in versions at least up to 1.1 from PosThemes for PrestaShop, a guest can perform SQL injection in affected versions.
-
[CVE-2023-45375] Improper neutralization of SQL parameter in 01generator.com - PireosPay module for PrestaShop
In the module “PireosPay” (pireospay) up to version 1.7.9 from 01generator.com for PrestaShop, a guest can perform SQL injection in affected versions.
-
[CVE-2023-45386] Improper neutralization of SQL parameter in MyPresta.eu - Product Extra Tabs Pro for PrestaShop
In the module “Product Extra Tabs Pro” (extratabspro) up to version 2.2.8 from MyPresta.eu for PrestaShop, a guest can perform SQL injection in affected versions.
-
[CVE-2023-37824] Improper neutralization of SQL parameters in the Sitolog Application Connect module from Sitolog for PrestaShop
In the module “Sitolog Application Connect” (sitologapplicationconnect) from Sitolog for PrestaShop, an anonymous user can perform a SQL injection. The module is obsolete and must be deleted.