-
[CVE-2023-3031] Improper Limitation of a Pathname to a Restricted Directory in Webbax - King-Avis module for PrestaShop
Improper Limitation of a Pathname leads to a Path Traversal vulnerability in the module King-Avis for PrestaShop, allowing a user who knows the download token to read arbitrary local files. This issue affects King-Avis: before 17.3.15.
-
[CVE-2023-30149] Improper neutralization of SQL parameter in the City Autocomplete (cityautocomplete) module from ebewe.net for PrestaShop
SQL injection vulnerability in the City Autocomplete (cityautocomplete) module from ebewe.net for PrestaShop, prior to version 1.8.12 (for PrestaShop version 1.5/1.6) or prior to 2.0.3 (for PrestaShop version 1.7), allows remote attackers to execute arbitrary SQL commands via the `type`, `input_name` or `q` parameter in the `autocompletion.php` front controller.
-
[CVE-2023-30197] Improper Limitation of a Pathname to a Restricted Directory in Webbax - My inventory module for PrestaShop
In the module “My inventory” (myinventory) from Webbax for PrestaShop, a guest can download personal information without restriction by performing a path traversal attack.
-
[CVE-2023-33280] Improper neutralization of multiple SQL parameters in the scquickaccounting module for PrestaShop
In the module “SC Quick Accounting” (scquickaccounting), an anonymous user can perform a SQL injection. The module has been patched in version 3.7.4.
-
[CVE-2023-33279] Improper neutralization of multiple SQL parameters in the SC Fix My PrestaShop module for PrestaShop
In the module “SC Fix My PrestaShop” (scfixmyprestashop), an anonymous user can perform a SQL injection. The module is obsolete and must be deleted.
-
[CVE-2023-33278] Improper neutralization of multiple SQL parameters in the scexportcustomers module for PrestaShop
In the module “SC Export Customers” (scexportcustomers), an anonymous user can perform SQL injections. The module has been patched in version 3.6.2.
-
[CVE-2023-30196] Improper Limitation of a Pathname to a Restricted Directory in Webbax - Sales Booster module for PrestaShop
In the module “Sales Booster” (salesbooster) from Webbax for PrestaShop, a guest can download personal information without restriction by performing a path traversal attack.
-
[CVE-2023-30191] Improper neutralization of SQL parameter in Prestaeg - CDesigner module for PrestaShop
In the module “CDesigner” (cdesigner) from Prestaeg for PrestaShop, a guest can perform SQL injection in affected versions.
-
[CVE-2023-30199] Improper Limitation of a Pathname to a Restricted Directory in Webbax - Custom Exporter module for PrestaShop
In the module “Custom Exporter” (customexporter) from Webbax for PrestaShop, a guest can download personal information without restriction by performing a path traversal attack.
-
[CVE-2023-30192] Improper neutralization of SQL parameter in PosThemes - Search Products for PrestaShop
In the module “Search Products” (possearchproducts) from PosThemes for PrestaShop, a guest can perform SQL injection in affected versions.