-
[CVE-2023-46348] Improper neutralization of SQL parameter in SunnyToo - Urls module for PrestaShop
In the module “Urls” (sturls) up to version 1.1.13 from SunnyToo for PrestaShop, a guest can perform SQL injection in affected versions.
-
[CVE-2023-48925] Improper neutralization of SQL parameter in Buy Addons - Product Video, Youtube, Vimeo Tab module for PrestaShop
In the module “Product Video, Youtube, Vimeo Tab” (bavideotab) up to version 1.0.5 from Buy Addons for PrestaShop, a guest can perform SQL injection in affected versions.
-
[CVE-2023-46353] Improper neutralization of SQL parameter in My Presta.eu - Product Tag Icons Pro for PrestaShop
In the module “Product Tag Icons Pro” (ticons) up to version 1.8.4 from My Presta.eu for PrestaShop, a guest can perform SQL injection in affected versions.
-
[CVE-2023-46354] Exposure of Private Personal Information to an Unauthorized Actor in MyPrestaModules - Orders (CSV, Excel) Export PRO module for PrestaShop
In the module “Orders (CSV, Excel) Export PRO” (ordersexport) up to version 5.1.6 from MyPrestaModules for PrestaShop, a guest can download personal information without restriction.
-
[CVE-2023-46349] Improper neutralization of SQL parameter in MyPrestaModules - Product Catalog (CSV, Excel) Export/Update module for PrestaShop
In the module “Product Catalog (CSV, Excel) Export/Update” (updateproducts) up to version 3.7.6 from MyPrestaModules for PrestaShop, a guest can perform SQL injection in affected versions.
-
[CVE-2023-48188] Improper neutralization of SQL parameter in Opart Devis for PrestaShop
In the module “Opart Devis” (opartdevis) up to version 4.6.12 from Opart for PrestaShop, a guest can perform SQL injection in affected versions.
-
[CVE-2023-46355] Exposure of Private Personal Information to an Unauthorized Actor in Bl Modules - CSV Feeds PRO module for PrestaShop
In the module “CSV Feeds PRO” (csvfeeds) up to version 2.5.2 from Bl Modules for PrestaShop, a guest can download personal information without restriction if the administrator does not force a password on feeds.
-
[CVE-2023-46357] Improper neutralization of SQL parameter in MyPrestaModules - Cross Selling in Modal Cart module for PrestaShop
In the module “Cross Selling in Modal Cart” (motivationsale) from MyPrestaModules for PrestaShop, a guest can perform SQL injection in affected versions.
-
[CVE-2023-45377] Improper neutralization of SQL parameter in Chronopost - Chronopost Official module for PrestaShop
In the module “Chronopost Official” (chronopost) up to version 6.4.0 from Chronopost for PrestaShop, a guest can perform SQL injection in affected versions if the module is not installed OR if a secret accessible to the administrator is stolen.
-
[CVE-2023-45382] Improper Limitation of a Pathname to a Restricted Directory in Common-Services - SoNice Retour module for PrestaShop
In the module “SoNice Retour” (sonice_retour) up to version 2.1.0 from Common-Services for PrestaShop, a guest can download personal information without restriction by performing a path traversal attack.