Friends-Of-Presta Security Advisories
    • Oct 24, 2023 • #modules • critical (9.8)

      [CVE-2023-46347] Improper neutralization of SQL parameter in NDK Design - Step by Step products Pack module for PrestaShop

      In the module “Step by Step products Pack” (ndk_steppingpack) up to 1.5.6 from NDK Design for PrestaShop, a guest can perform SQL injection in affected versions.

    • Oct 24, 2023 • #modules • high (7.5), GDPR violation

      [CVE-2023-46346] Improper Limitation of a Pathname to a Restricted Directory in MyPrestaModules - Product Catalog (CSV, Excel, XML) Export PRO module for PrestaShop

      In the module “Product Catalog (CSV, Excel, XML) Export PRO” (exportproducts) up to 4.1.1 from MyPrestaModules for PrestaShop, a guest can download personal information without restriction by performing a path traversal attack.

    • Oct 19, 2023 • #modules • critical (9.8)

      [CVE-2023-45376] Improper neutralization of SQL parameter in HiPresta - Carousels Pack - Instagram, Products, Brands, Supplier module for PrestaShop

      In the module “Carousels Pack - Instagram, Products, Brands, Supplier” (hicarouselspack) up to version 1.5.0 from HiPresta for PrestaShop, a guest can perform SQL injection in affected versions.

    • Oct 19, 2023 • #modules • critical (9.8)

      [CVE-2023-45381] Improper neutralization of SQL parameter in WebshopWorks Creative Popup module for PrestaShop

      In the module “Creative Popup” (creativepopup) up to version 1.6.9 from WebshopWorks for PrestaShop, a guest can perform SQL injection in affected versions.

    • Oct 19, 2023 • #modules • critical (9.8)

      [CVE-2023-43986] Improper neutralization of SQL parameter in DM Concept - Advanced configurator for customized product module for PrestaShop

      In the module “Advanced configurator for customized product” (configurator) up to version 4.9.3 from DM Concept for PrestaShop, a guest can perform SQL injection in affected versions.

    • Oct 17, 2023 • #modules • critical (10)

      [CVE-2023-45384] Unrestricted Upload of File with Dangerous Type in KnowBand - One Page Checkout, Social Login & Mailchimp module for PrestaShop

      In the module “Module One Page Checkout, Social Login & Mailchimp” (supercheckout) up to version 6.0.6 from KnowBand for PrestaShop, a guest can upload dangerous files with the .php extension.

    • Oct 17, 2023 • #modules • high (7.5), GDPR violation

      [CVE-2023-45383] Improper Limitation of a Pathname to a Restricted Directory in Common-Services - Sonice Etiquetage module for PrestaShop

      In the module “SoNice Etiquetage” (sonice_etiquetage) up to version 2.5.9 from Common-Services for PrestaShop, a guest can download personal information without restriction by performing a path traversal attack.

    • Oct 17, 2023 • #modules • critical (9.8)

      [CVE-2023-45379] Improper neutralization of SQL parameter in Posthemes Rotator Img module for PrestaShop

      In the module “Rotator Img” (posrotatorimg) in versions at least up to 1.1 from PosThemes for PrestaShop, a guest can perform SQL injection in affected versions.

    • Oct 12, 2023 • #modules • critical (9.8)

      [CVE-2023-45375] Improper neutralization of SQL parameter in 01generator.com - PireosPay module for PrestaShop

      In the module “PireosPay” (pireospay) up to version 1.7.9 from 01generator.com for PrestaShop, a guest can perform SQL injection in affected versions.

    • Oct 12, 2023 • #modules • critical (9.8)

      [CVE-2023-45386] Improper neutralization of SQL parameter in MyPresta.eu - Product Extra Tabs Pro for PrestaShop

      In the module “Product Extra Tabs Pro” (extratabspro) up to version 2.2.8 from MyPresta.eu for PrestaShop, a guest can perform SQL injection in affected versions.

    • Friends Of Presta

    Friends Of Presta is a nonprofit organization that supports the open-source ecommerce platform PrestaShop.