-
[CVE-2024-33836] Unrestricted Upload of File with Dangerous Type in JA Marketplace module for PrestaShop
In the module “JA Marketplace” (jamarketplace) up to version 9.0.1 from JA Module for PrestaShop, a guest can upload files with the .php extension.
-
[CVE-2024-34990] Unrestricted Upload of File with Dangerous Type in FME Modules - Help Desk - Customer Support Management System module for PrestaShop
In the module “Help Desk - Customer Support Management System” (helpdesk) up to version 2.4.0 from FME Modules for PrestaShop, a customer can upload .php files.
-
[CVE-2024-34994] Improper neutralization of SQL parameter in Channable module for PrestaShop
In the module “Channable” (channable) up to version 3.2.1 from Channable for PrestaShop, a guest can perform SQL injection in affected versions.
-
[CVE-2024-34993] Improper neutralization of SQL parameter in Buy Addons - Bulk Export products to Google Merchant-Google Shopping module for PrestaShop
In the module “Bulk Export products to Google Merchant-Google Shopping” (bagoogleshopping) up to version 1.0.26 from Buy Addons for PrestaShop, a guest can perform SQL injection in affected versions.
-
[CVE-2024-33275] Improper neutralization of SQL parameter in Webbax - Super Newsletter module for PrestaShop
In the module “Super Newsletter” (supernewsletter) up to version 1.4.21 (DANGER: all versions) from Webbax for PrestaShop, due to a predictable token, a guest can perform SQL injection in affected versions.
-
[CVE-2024-33273] Improper neutralization of SQL parameter in ShipUp module for PrestaShop
In the module “ShipUp” (shipup) up to version 3.3.0 from ShipUp for PrestaShop, a guest can perform SQL injection in affected versions.
-
[CVE-2023-45385] Improper Limitation of a Pathname to a Restricted Directory in ProQuality - Print Shipping Labels Pro module for PrestaShop
In the module “Print Shipping Labels Pro” (pqprintshippinglabels) up to version 4.15.0 from ProQuality for PrestaShop, a guest can download personal information without restriction by performing a path traversal attack.
-
[CVE-2024-33267] Improper neutralization of SQL parameter in Hero - Payment module for PrestaShop
In the module “Hero - Payment” (hfheropayment) up to version 1.2.5 from Hero for PrestaShop, a guest can perform SQL injection in affected versions.
-
[CVE-2024-33270] Exposure of Private Personal Information to an Unauthorized Actor in FME Modules - Customer File Upload-Attach File on Product,Cart pages module for PrestaShop
In the module “Customer File Upload-Attach File on Product,Cart pages” (fileuploads) up to version 2.0.3 from FME Modules for PrestaShop, a guest can download personal information without restriction.
-
[CVE-2024-33274] Improper Limitation of a Pathname to a Restricted Directory in FME Modules - Custom Checkout Fields, Add Custom Fields to Checkout module for PrestaShop
In the module “Custom Checkout Fields, Add Custom Fields to Checkout” (customfields) up to version 2.2.7 from FME Modules for PrestaShop, a guest can download personal information without restriction by performing a path traversal attack.