Friends-Of-Presta Security Advisories
    • Jun 20, 2024 • #modules • critical (9.8)

      [CVE-2024-36681] Improper neutralization of SQL parameter in Promokit.eu - Isotope module for PrestaShop

      In the module “Isotope” (pk_isotope) from Promokit.eu for PrestaShop, a guest can perform SQL injection in affected versions.

    • Jun 20, 2024 • #modules • critical (10)

      [CVE-2023-50029] Improper Control of Generation of Code in PrestaAddons - M4 PDF Extensions module for PrestaShop

      In the module “M4 PDF Extensions” (m4pdf) up to version 3.3.2 from PrestaAddons for PrestaShop, a guest can perform PHP code injection in affected versions.

    • Jun 20, 2024 • #modules • high (8.8)

      [CVE-2024-34992] Improper neutralization of SQL parameter in FME Modules - Help Desk - Customer Support Management System module for PrestaShop

      In the module “Help Desk - Customer Support Management System” (helpdesk) up to version 2.4.0 from FME Modules for PrestaShop, a guest can perform SQL injection in affected versions.

    • Jun 20, 2024 • #modules • high (7.5), GDPR violation

      [CVE-2024-34991] Exposure of Private Personal Information to an Unauthorized Actor in Quadra Informatique - Axepta module for PrestaShop

      In the module “Axepta” (axepta) from Quadra Informatique for PrestaShop, a guest can download partial credit card information (expiry date), postal address, email, etc. without restriction.

    • Jun 20, 2024 • #modules • critical (9.8)

      [CVE-2024-34988] Improper neutralization of SQL parameter in Buy Addons - Complete for Create a Quote in Frontend + Backend Pro module for PrestaShop

      In the module “Complete for Create a Quote in Frontend + Backend Pro” (askforaquotemodul) up to version 1.0.52 from Buy Addons for PrestaShop, a guest can perform SQL injection in affected versions.

    • Jun 18, 2024 • #modules • critical (9.8)

      [CVE-2024-36680] Improper neutralization of SQL parameter in Promokit.eu - Facebook module for PrestaShop

      In the module “Facebook” (pkfacebook) from Promokit.eu for PrestaShop, a guest can perform SQL injection in affected versions.

    • Jun 18, 2024 • #modules • critical (9.8)

      [CVE-2024-36678] Improper neutralization of SQL parameter in Promokit.eu - Theme settings module for PrestaShop

      In the module “Theme settings” (pk_themesettings) from Promokit.eu for PrestaShop, a guest can perform SQL injection in affected versions.

    • Jun 18, 2024 • #modules • critical (9.8)

      [CVE-2024-36684] Improper neutralization of SQL parameter in Promokit.eu - Custom links module for PrestaShop

      In the module “Custom links” (pk_customlinks) from Promokit.eu for PrestaShop, a guest can perform SQL injection in affected versions.

    • Jun 18, 2024 • #modules • high (7.5), GDPR violation

      [CVE-2024-36677] Exposure of Private Personal Information to an Unauthorized Actor in Weblir - Login as customer PRO module for PrestaShop

      In the module “Login as customer PRO” (loginascustomerpro) from Weblir for PrestaShop, a guest can access a direct link to connect to each customer account of the shop if the module is not installed OR if a secret accessible to the administrator is stolen.

    • Jun 18, 2024 • #modules • critical (10.0)

      [CVE-2024-36679] Improper Control of Generation of Code in Module Live Chat Pro (All in One Messaging) module for PrestaShop

      In the module “Module Live Chat Pro (All in One Messaging)” (livechatpro), a guest can perform PHP code injection in affected versions.

    • Friends Of Presta

    Friends Of Presta is a nonprofit organization that supports the open-source ecommerce platform PrestaShop.