-
[CVE-2024-33276] Improper neutralization of SQL parameter in FME Modules - Pre-Order module for PrestaShop
In the module “Pre-Order” (preorderandnotification) up to version 3.1.1 from FME Modules for PrestaShop, a guest can perform SQL injection in affected versions.
-
[CVE-2024-33268] Improper neutralization of SQL parameter in Digincube - Free Gifts Products module for PrestaShop
In the module “Free Gifts Products” (mdgiftproduct) up to version 1.4.1 from Digincube for PrestaShop, a guest can perform SQL injection in affected versions.
-
[CVE-2024-33269] Improper neutralization of SQL parameter in Prestaddons - Flash Sales module for PrestaShop
In the module “Flash Sales” (flashsales) up to version 1.9.7 from Prestaddons for PrestaShop, a guest can perform SQL injection in affected versions.
-
[CVE-2024-33271] Exposure of Private Personal Information to an Unauthorized Actor in FME Modules - Events Manager, Create events & Sell tickets Online module for PrestaShop
In the module “Events Manager, Create events & Sell tickets Online” (eventsmanager) up to version 4.4.0 from FME Modules for PrestaShop, a guest can download personal information without restriction.
-
[CVE-2024-33266] Improper neutralization of SQL parameter in Helloshop - Tracking Center - Parcel tracking 80 carriers module for PrestaShop
In the module “Tracking Center - Parcel tracking 80 carriers” (deliveryorderautoupdate) up to version 2.8.2 from Helloshop for PrestaShop, a guest can perform SQL injection in affected versions.
-
[CVE-2024-33272] Improper neutralization of SQL parameters in Knowband - Search Auto Suggest module for PrestaShop
In the module “Search Auto Suggest” (autosuggest) up to version 2.0.0 from Knowband for PrestaShop, an anonymous user can perform a SQL injection.
-
[CVE-2024-28393] Improper neutralization of SQL parameter in Scalapay module for PrestaShop
In the module “Scalapay” (scalapay) up to version 1.2.41 from Scalapay for PrestaShop, a guest can perform SQL injection in affected versions.
-
[CVE-2024-28386] Improper Neutralization of Special Elements used in an OS Command in the Home-Made.io - FastMag Sync module for PrestaShop
In the module “Fast Mag Sync” (fastmagsync) up to version 1.7.52 from Home-Made.io for PrestaShop, a guest can inject an arbitrary executable script into a script.
-
[CVE-2024-28387] Exposure of Private Personal Information to an Unauthorized Actor in Axonaut module for PrestaShop
In the module “Axonaut” (axonaut) up to version 3.1.23 from Axonaut for PrestaShop, a guest can download personal information without restriction.
-
[CVE-2024-28394] External Control of File Name or Path in Advanced Plugins - Sales Reports, Statistics, Custom Fields & Export module for PrestaShop
In the module “Sales Reports, Statistics, Custom Fields & Export” (reportsstatistics) in versions up to 1.3.20 from Advanced Plugins for PrestaShop, a guest can download and delete all files.