-
[CVE-2023-46914] Improper neutralization of SQL parameter in RM RM - Booking Calendar module for PrestaShop
In the module “Booking Calendar” (bookingcalendar) from RM RM for PrestaShop, a guest can perform SQL injection in affected versions if the module is not installed OR if a secret accessible to an administrator is stolen.
-
[CVE-2023-43985] Improper neutralization of SQL parameter in SunnyToo - Blog Search module for PrestaShop
In the module “Blog Search” (stblogsearch) up to version 1.0 from SunnyToo for PrestaShop, a guest can perform SQL injection in affected versions.
-
[CVE-2023-46351] Improper neutralization of SQL parameter in My Presta's modules: mib for PrestaShop
In the module mib from MyPresta.eu for PrestaShop, a guest can perform SQL injection in affected versions.
-
[CVE-2023-50030] Blind SQL injection vulnerability in Joommasters - Jms Setting module for PrestaShop
In the module “Jms Setting” (jmssetting) from Joommasters for PrestaShop, a guest can perform SQL injection in affected versions.
-
[CVE-2023-50028] Improper neutralization of SQL parameter in PrestashopModules.eu - Sliding cart block for PrestaShop
In the module “Sliding cart block” (blockslidingcart) up to version 2.3.8 from PrestashopModules.eu for PrestaShop, a guest can perform SQL injection in affected versions.
-
[CVE-2023-48926] Insecure Direct Object Reference in Advanced Loyalty Program: Loyalty Points module for PrestaShop
In the module “Advanced Loyalty Program: Loyalty Points” (totloyaltyadvanced) from 202 ecommerce for PrestaShop, from version 2.3.3 to version 2.3.4, a guest can change an order status.
-
[CVE-2023-6921] Improper neutralization of SQL parameter in PrestaShow Google Integrator module for PrestaShop
Blind SQL Injection vulnerability in PrestaShow Google Integrator (pshowconversion) allows for data extraction and modification. This attack is possible via command insertion in one of the cookies.
-
[CVE-2023-50027] Improper neutralization of SQL parameter in Buy Addons - Best Zoom Magnifier Effect - BAZoom Magnifier module for PrestaShop
In the module “Best Zoom Magnifier Effect - BAZoom Magnifier” (baproductzoommagnifier) up to version 1.0.16 from Buy Addons for PrestaShop, a guest can perform SQL injection in affected versions.
-
[CVE-2023-40921] Improper neutralization of a SQL parameter in deprecated soliberte module from Common Services for PrestaShop
In the module “soliberte” for PrestaShop, an attacker can perform a SQL injection in versions >= 4.0.0 and < 4.3.03. Release 4.3.03 fixed this security issue.
-
[CVE-2023-46989] Improper neutralization of SQL parameter in Innovadeluxe - Quick Order module for PrestaShop
In the module “Quick Order” (idxquickorder) from Innovadeluxe for PrestaShop, in all versions below 1.4.0, a guest can perform SQL injection.