Friends-Of-Presta Security Advisories
    • Apr 29, 2024 • #modules • high (7.5), GDPR violation

      [CVE-2024-33274] Improper Limitation of a Pathname to a Restricted Directory in FME Modules - Custom Checkout Fields, Add Custom Fields to Checkout module for PrestaShop

      In the module “Custom Checkout Fields, Add Custom Fields to Checkout” (customfields) up to version 2.2.7 from FME Modules for PrestaShop, a guest can download personal information without restriction by performing a path traversal attack.

    • Apr 25, 2024 • #modules • critical (9.8)

      [CVE-2024-33276] Improper neutralization of SQL parameter in FME Modules - Pre-Order module for PrestaShop

      In the module “Pre-Order” (preorderandnotification) up to version 3.1.1 from FME Modules for PrestaShop, a guest can perform SQL injection in affected versions.

    • Apr 25, 2024 • #modules • critical (9.8)

      [CVE-2024-33268] Improper neutralization of SQL parameter in Digincube - Free Gifts Products module for PrestaShop

      In the module “Free Gifts Products” (mdgiftproduct) up to version 1.4.1 from Digincube for PrestaShop, a guest can perform SQL injection in affected versions.

    • Apr 25, 2024 • #modules • critical (9.8)

      [CVE-2024-33269] Improper neutralization of SQL parameter in Prestaddons - Flash Sales module for PrestaShop

      In the module “Flash Sales” (flashsales) up to version 1.9.7 from Prestaddons for PrestaShop, a guest can perform SQL injection in affected versions.

    • Apr 25, 2024 • #modules • high (7.5), GDPR violation

      [CVE-2024-33271] Exposure of Private Personal Information to an Unauthorized Actor in FME Modules - Events Manager, Create events & Sell tickets Online module for PrestaShop

      In the module “Events Manager, Create events & Sell tickets Online” (eventsmanager) up to version 4.4.0 from FME Modules for PrestaShop, a guest can download personal information without restriction.

    • Apr 25, 2024 • #modules • critical (9.8)

      [CVE-2024-33266] Improper neutralization of SQL parameter in Helloshop - Tracking Center - Parcel tracking 80 carriers module for PrestaShop

      In the module “Tracking Center - Parcel tracking 80 carriers” (deliveryorderautoupdate) up to version 2.8.2 from Helloshop for PrestaShop, a guest can perform SQL injection in affected versions.

    • Apr 25, 2024 • #modules • critical (9.8)

      [CVE-2024-33272] Improper neutralization of SQL parameters in Knowband - Search Auto Suggest module for PrestaShop

      In the module “Search Auto Suggest” (autosuggest) up to version 2.0.0 from KnowBand for PrestaShop, an anonymous user can perform a SQL injection.

    • Mar 19, 2024 • #modules • critical (9.8)

      [CVE-2024-28393] Improper neutralization of SQL parameter in Scalapay module for PrestaShop

      In the module “Scalapay” (scalapay) up to version 1.2.41 from Scalapay for PrestaShop, a guest can perform SQL injection in affected versions.

    • Mar 19, 2024 • #modules • critical (10)

      [CVE-2024-28386] Improper Neutralization of Special Elements used in an OS Command in the Home-Made.io - FastMag Sync module for PrestaShop

      In the module “Fast Mag Sync” (fastmagsync) up to version 1.7.52 from Home-Made.io for PrestaShop, a guest can inject an arbitrary executable script into a script.

    • Mar 19, 2024 • #modules • high (7.5), GDPR violation

      [CVE-2024-28387] Exposure of Private Personal Information to an Unauthorized Actor in Axonaut module for PrestaShop

      In the module “Axonaut” (axonaut) up to version 3.1.23 from Axonaut for PrestaShop, a guest can download personal information without restriction.


    • Friends Of Presta

    Friends Of Presta is a non-profit organization that supports the open-source ecommerce platform PrestaShop.