Friends-Of-Presta Security Advisories
    • Feb 27, 2024 • #modules • critical (9.8)

      [CVE-2024-25843] Improper neutralization of SQL parameter in Buy Addons - Import/Update Bulk Product from any Csv/Excel File Pro module for PrestaShop

      In the module “Import/Update Bulk Product from any Csv/Excel File Pro” (ba_importer) up to version 1.1.28 from Buy Addons for PrestaShop, a guest can perform SQL injection in affected versions.

    • Feb 20, 2024 • #modules • high (7.5), GDPR violation

      [CVE-2024-24309] Exposure of Sensitive Information to an Unauthorized Actor in Ecomiz - Survey TMA module for PrestaShop

      In the module “Survey TMA” (ecomiz_survey_tma) up to version 2.0.0 from Ecomiz for PrestaShop, a guest can download technical information without restriction.

    • Feb 20, 2024 • #modules • high (8.8)

      [CVE-2024-24310] Improper neutralization of SQL parameter in Ether Création - Generate barcode on invoice / delivery slip module for PrestaShop

      In the module “Generate barcode on invoice / delivery slip” (ecgeneratebarcode) up to version 1.2.0 from Ether Création for PrestaShop, a guest can perform SQL injection in affected versions if the module is not installed OR if a secret accessible to an administrator is stolen.

    • Feb 8, 2024 • #modules • critical (9.8)

      [CVE-2023-50061] Improper neutralization of SQL parameter in Opart Easy Redirect for PrestaShop

      In the module “Opart Easy Redirect” (oparteasyredirect) up to version 1.3.12 from Opart for PrestaShop, a guest can perform SQL injection in affected versions.

    • Feb 8, 2024 • #modules • critical (9.8)

      [CVE-2023-46350] Improper neutralization of SQL parameter in InnovaDeluxe - Manufacturer or supplier alphabetical search module for PrestaShop

      In the module “Manufacturer or supplier alphabetical search” (idxrmanufacturer) up to version 2.0.4 from InnovaDeluxe for PrestaShop, a guest can perform SQL injection in affected versions.

    • Feb 8, 2024 • #modules • critical (9.8)

      [CVE-2023-50026] Improper neutralization of SQL parameter in Presta Monster - Multi Accessories Pro module for PrestaShop

      In the module “Multi Accessories Pro” (hsmultiaccessoriespro) up to version 5.2.0 from Presta Monster for PrestaShop, a guest can perform SQL injection in affected versions.

    • Feb 8, 2024 • #modules • critical (9.8)

      [CVE-2024-24308] Improper neutralization of SQL parameter in Boostmyshop module for PrestaShop

      In the module “Boostmyshop” (boostmyshopagent) up to version 1.1.9 from Boostmyshop for PrestaShop, a guest can perform SQL injection in affected versions.

    • Feb 6, 2024 • #modules • high (7.5)

      [CVE-2024-24304] Exposure of Sensitive Information to an Unauthorized Actor in Mailjet module for PrestaShop

      In the module “Mailjet” (mailjet) up to version 3.5.0 from Mailjet for PrestaShop, a guest can download technical information without restriction.

    • Feb 6, 2024 • #modules • high (7.5), GDPR violation

      [CVE-2024-24311] Improper Limitation of a Pathname to a Restricted Directory in Linea Grafica - Multilingual and Multistore Sitemap Pro – SEO module for PrestaShop

      In the module “Multilingual and Multistore Sitemap Pro – SEO” (lgsitemaps) from Linea Grafica for PrestaShop, a guest can download personal information without restriction by performing a path traversal attack.

    • Feb 6, 2024 • #modules • critical (9.8)

      [CVE-2024-24303] Improper neutralization of SQL parameter in HiPresta - Gift Wrapping Pro module for PrestaShop

      In the module “Gift Wrapping Pro” (hiadvancedgiftwrapping) up to version 1.4.0 from HiPresta for PrestaShop, a guest can perform SQL injection in affected versions.


    • Friends Of Presta

    Friends Of Presta is a non-profit organization that supports the open-source ecommerce platform PrestaShop.