-
[CVE-2024-28392] Improper neutralization of SQL parameter in Abandoned Cart Reminder Pro module for PrestaShop
In the module “Abandoned Cart Reminder Pro” (pscartabandonmentpro) up to version 2.0.11 from PrestaShop for PrestaShop, a guest can perform SQL injection in affected versions.
-
[CVE-2024-28396] Exposure of Sensitive Information to an Unauthorized Actor in MyPrestaModules - Orders (CSV, Excel) Export PRO module for PrestaShop
In the module “Orders (CSV, Excel) Export PRO” (ordersexport) up to version 6.0.2 from MyPrestaModules for PrestaShop, a guest can download sensitive information without restriction.
-
[CVE-2024-28395] Improper neutralization of SQL parameter in Best-Kit - Pop-up / Schedule Popup / Splash window module for PrestaShop
In the module “Pop-up / Schedule Popup / Splash window” (bestkit_popup) up to version 1.7.2 (WARNING: all versions) from BestKit for PrestaShop, a guest can perform SQL injection in affected versions.
-
[CVE-2024-28390] Improper Access Control in Advanced Plugins - Image: WebP, Compress, Zoom, Lazy load, Alt & More module for PrestaShop
In the module “Image: WebP, Compress, Zoom, Lazy load, Alt & More” (ultimateimagetool) in versions up to 2.2.01 from Advanced Plugins for PrestaShop, a guest can update all configurations of PrestaShop.
-
[CVE-2024-28388] Improper neutralization of SQL parameter in SunnyToo - Product Comments module for PrestaShop
In the module “Product Comments” (stproductcomments) up to version 1.0.5 from SunnyToo for PrestaShop, a guest can perform SQL injection in affected versions.
-
[CVE-2024-28389] Improper neutralization of SQL parameters in Knowband - Entry,Exit and Subscription Popup-Spin and Win module for PrestaShop
In the module “Entry,Exit and Subscription Popup-Spin and Win” (spinwheel) up to version 3.0.3 from KnowBand for PrestaShop, an anonymous user can perform a SQL injection.
-
[CVE-2024-28391] Improper neutralization of SQL parameter in FME Modules - Quick Order Form - Order Table module for PrestaShop
In the module “Quick Order Form - Order Table” (quickproducttable) up to version 1.2.1 from FME Modules for PrestaShop, a guest can perform SQL injection in affected versions.
-
[CVE-2024-25849] Improper neutralization of SQL parameter in PrestaToolKit - Make an offer module for PrestaShop
In the module “Make an offer” (makeanoffer) up to version 1.7.1 from PrestaToolKit for PrestaShop, a guest can perform SQL injection in affected versions.
-
[CVE-2024-25848] Improper neutralization of SQL parameter in Team Ever - Ever Ultimate SEO module for PrestaShop
In the module “Ever Ultimate SEO” (everpsseo) from Team Ever for PrestaShop, a guest can perform SQL injection in affected versions.
-
[CVE-2024-25845] Improper neutralization of SQL parameter in Cleanpresta.com - CD Custom Fields 4 Orders module for PrestaShop
In the module “CD Custom Fields 4 Orders” (cdcustomfields4orders) from Cleanpresta.com for PrestaShop, a guest can perform SQL injection in affected versions.