-
[CVE-2023-33777] Exposure of Private Personal Information to an Unauthorized Actor in Common Services - Amazon module for PrestaShop
In the module “Amazon” (amazon) up to version 5.2.23 from Common Services for PrestaShop, a guest can access personal data.
-
[CVE-2023-26861] Improper neutralization of several SQL parameters in vivawallet module for PrestaShop
The deprecated module “vivawallet” (name of the directory) edited by Viva Wallet prior to 1.7.9 for PrestaShop has several SQL injections.
-
[CVE-2023-27845] Improper neutralization of a SQL parameter in KerAwen Omnichannel Stocks module for PrestaShop
In the module “KerAwen Omnichannel Stocks” (kerawen_ocs) for PrestaShop before 1.4.1, an anonymous user can perform SQL injection. Release 1.4.1 fixed this security issue.
-
[CVE-2023-33664] Improper neutralization of a SQL parameter in aicombinationsonfly module for PrestaShop
In the module “Combinations generated on fly for your store” (aicombinationsonfly) for PrestaShop before 0.3.1, an attacker can perform SQL injection. Release 0.3.1 fixed this security issue.
-
[CVE-2023-30195] Exposure of Private Personal Information to an Unauthorized Actor in Linea Grafica - Detailed Order module for PrestaShop
In the module “Detailed Order” (lgdetailedorder) from Linea Grafica for PrestaShop, a guest can download personal information, formatted as JSON, without restriction.
-
[CVE-2023-30151] Improper neutralization of SQL parameters in the Boxtal (envoimoinscher) module from Boxtal for PrestaShop
In the Boxtal (envoimoinscher) module from Boxtal for PrestaShop, after version 3.1.10, a SQL injection vulnerability allows remote attackers to execute arbitrary SQL commands via the `key` parameter in the `ajax.php` front controller.
-
[CVE-2023-31672] Improper neutralization of an SQL parameter in ailinear module for PrestaShop
In the module “Length, weight or volume sell” (ailinear) for PrestaShop, an attacker can perform SQL injection up to 2.4.3. Release 2.4.3 fixed this security issue.
-
[CVE-2023-31671] Improper neutralization of SQL parameter in Postfinance module
A SQL injection vulnerability in the module “Postfinance” edited by Webbax for PrestaShop before 17.1.14 allows a remote attacker to perform SQL injection in affected versions. Release 17.1.14 fixes the issue.
-
[CVE-2023-30198] Improper Limitation of a Pathname to a Restricted Directory in Webbax - Winbiz Payment module for PrestaShop
In the module “Winbiz Payment” (winbizpayment) from Webbax for PrestaShop, a guest can download personal information without restriction by performing a path traversal attack.
-
[CVE-2023-30150] Improper neutralization of SQL parameters in the Leo Custom Ajax (leocustomajax) module from LeoTheme for PrestaShop
Multiple SQL injection vulnerabilities in the Leo Custom Ajax (leocustomajax) module from LeoTheme for PrestaShop, in version 1.0, allow remote attackers to execute arbitrary SQL commands via the `cat_list`, `pro_info`, `pro_add`, `pro_cdown` or `pro_color` parameter in `leoajax.php`.