Friends-Of-Presta Security Advisories
    • Mar 14, 2023 • #modules • critical (9.8)

      [CVE-2023-25206] Multiple improper neutralization of SQL parameters in ws_productreviews module for PrestaShop

      In the module “Advanced Reviews: Photos, Reminder, Google Snippets” (ws_productreviews), an anonymous user can perform SQL injection in affected versions. Version 3.6.2 fixed the vulnerabilities.

    • Mar 13, 2023 • #modules • critical (9.8)

      [CVE-2023-29630] Blind SQL injection vulnerability in Jms Vertical MegaMenu (jmsvermegamenu) PrestaShop module

      The module Jms Vertical MegaMenu (jmsvermegamenu) from Joommasters contains a Blind SQL injection vulnerability. This module is for the PrestaShop e-commerce platform and is mainly provided with Joommasters PrestaShop themes.

    • Mar 13, 2023 • #modules • critical (9.8)

      [CVE-2023-29629] Blind SQL injection vulnerability in Jms Theme Layout (jmsthemelayout) PrestaShop module

      The module Jms Theme Layout (jmsthemelayout) from Joommasters contains a Blind SQL injection vulnerability. This module is for the PrestaShop e-commerce platform and is mainly provided with Joommasters PrestaShop themes.

    • Mar 13, 2023 • #modules • critical (9.8)

      [CVE-2023-29631] Unrestricted upload vulnerability in Jms Slider (jmsslider) PrestaShop module

      The module Jms Slider (jmsslider) from Joommasters contains an unrestricted upload of file with dangerous type vulnerability. This module is for the PrestaShop e-commerce platform and is mainly provided with Joommasters PrestaShop themes.

    • Mar 13, 2023 • #modules • critical (9.8)

      [CVE-2023-29632] Blind SQL injection vulnerability in Jms Page Builder (jmspagebuilder) PrestaShop module

      The module Jms Page Builder (jmspagebuilder) from Joommasters contains a Blind SQL injection vulnerability. This module is for the PrestaShop e-commerce platform and is mainly provided with Joommasters PrestaShop themes.

    • Mar 13, 2023 • #modules • critical (9.8)

      [CVE-2023-29630] Blind SQL injection vulnerability in Jms MegaMenu (jmsmegamenu) PrestaShop module

      The module Jms MegaMenu (jmsmegamenu) from Joommasters contains a Blind SQL injection vulnerability. This module is for the PrestaShop e-commerce platform and is mainly provided with Joommasters PrestaShop themes.

    • Mar 13, 2023 • #modules • critical (9.8)

      [CVE-2023-27034] Blind SQL injection vulnerability in Jms Blog (jmsblog) PrestaShop module

      The module Jms Blog (jmsblog) from Joommasters contains a Blind SQL injection vulnerability. This module is for the PrestaShop e-commerce platform and is mainly provided with Joommasters PrestaShop themes.

    • Mar 13, 2023 • #core • moderate (5.0)

      [CVE-2023-25170] Possible CSRF token fixation (CWE-352)

      Not clear CSRF tokens upon login…

    • Mar 9, 2023 • #modules • critical (9.8)

      [CVE-2023-25207] Multiple improper neutralization of SQL parameters in DPD France module for PrestaShop

      In the module “DPD France” (dpdfrance) for PrestaShop, a remote attacker can perform a blind SQL injection in affected versions. Release 6.1.3 fixed the vulnerabilities.

    • Mar 6, 2023 • #modules • high (8.8)

      [CVE-2023-24763] Multiple improper neutralization of SQL parameters in XenForum module for PrestaShop

      In the module “Xen Forum” (xenforum) edited by App1pro, an authenticated user can perform SQL injection in affected versions. Version 2.13.0 fixed the vulnerabilities.

    • Friends Of Presta

    Friends Of Presta is a non-profit organization that supports the open-source e-commerce platform PrestaShop.