-
[CVE-2024-36679] Improper Control of Generation of Code in Module Live Chat Pro (All in One Messaging) module for PrestaShop
In the module “Module Live Chat Pro (All in One Messaging)” (livechatpro), a guest can perform PHP code injection in affected versions.
-
[CVE-2024-33836] Unrestricted Upload of File with Dangerous Type in JA Marketplace module for PrestaShop
In the module “JA Marketplace” (jamarketplace) up to version 9.0.1 from JA Module for PrestaShop, a guest can upload files with the .php extension.
-
[CVE-2024-34990] Unrestricted Upload of File with Dangerous Type in FME Modules - Help Desk - Customer Support Management System module for PrestaShop
In the module “Help Desk - Customer Support Management System” (helpdesk) up to version 2.4.0 from FME Modules for PrestaShop, a customer can upload .php files.
-
[CVE-2024-34994] Improper neutralization of SQL parameter in Channable module for PrestaShop
In the module “Channable” (channable) up to version 3.2.1 from Channable for PrestaShop, a guest can perform SQL injection in affected versions.
-
[CVE-2024-34993] Improper neutralization of SQL parameter in Buy Addons - Bulk Export products to Google Merchant-Google Shopping module for PrestaShop
In the module “Bulk Export products to Google Merchant-Google Shopping” (bagoogleshopping) up to version 1.0.26 from Buy Addons for PrestaShop, a guest can perform SQL injection in affected versions.
-
[CVE-2024-33275] Improper neutralization of SQL parameter in Webbax - Super Newsletter module for PrestaShop
In the module “Super Newsletter” (supernewsletter) up to version 1.4.21 (DANGER: all versions) from Webbax for PrestaShop, due to a predictable token, a guest can perform SQL injection in affected versions.
-
[CVE-2024-33273] Improper neutralization of SQL parameter in ShipUp module for PrestaShop
In the module “ShipUp” (shipup) up to version 3.3.0 from ShipUp for PrestaShop, a guest can perform SQL injection in affected versions.
-
[CVE-2023-45385] Improper Limitation of a Pathname to a Restricted Directory in ProQuality - Print Shipping Labels Pro module for PrestaShop
In the module “Print Shipping Labels Pro” (pqprintshippinglabels) up to version 4.15.0 from ProQuality for PrestaShop, a guest can download personal information without restriction by performing a path traversal attack.
-
[CVE-2024-33267] Improper neutralization of SQL parameter in Hero - Payment module for PrestaShop
In the module “Hero - Payment” (hfheropayment) up to version 1.2.5 from Hero for PrestaShop, a guest can perform SQL injection in affected versions.
-
[CVE-2024-33270] Exposure of Private Personal Information to an Unauthorized Actor in FME Modules - Customer File Upload-Attach File on Product,Cart pages module for PrestaShop
In the module “Customer File Upload-Attach File on Product,Cart pages” (fileuploads) up to version 2.0.3 from FME Modules for PrestaShop, a guest can download personal information without restriction.