In the module "Product Catalog (CSV, Excel) Export/Update" (updateproducts) < 3.8.5 from MyPrestaModules for PrestaShop, a guest can perform SQL injection. The method productsUpdateModel::getExportIds() has sensitive SQL calls that can be executed with a trivial http call and exploited to forge ...
9.8CVSS
8.2AI Score
0.001EPSS
MyPrestaModules Prestashop Module v6.2.9 and UpdateProducts Prestashop Module v3.6.9 were discovered to contain a PHPInfo information disclosure vulnerability via...
7.5CVSS
6.9AI Score
0.008EPSS