11 matches found
VulnCheck KEV: CVE-2024-36680
In the module Facebook pkfacebook =1.0.1 from Promokit.eu for PrestaShop, a guest can perform SQL injection. The ajax script facebookConnect.php have a sensitive SQL call that can be executed with a trivial http call and exploited to forge a SQL injection...
CVE-2024-36680
In the module "Facebook" pkfacebook =1.0.1 from Promokit.eu for PrestaShop, a guest can perform SQL injection. The ajax script facebookConnect.php have a sensitive SQL call that can be executed with a trivial http call and exploited to forge a SQL injection...
CVE-2024-36680
In the module "Facebook" pkfacebook =1.0.1 from Promokit.eu for PrestaShop, a guest can perform SQL injection. The ajax script facebookConnect.php have a sensitive SQL call that can be executed with a trivial http call and exploited to forge a SQL injection...
CVE-2024-36680
In the module "Facebook" pkfacebook =1.0.1 from Promokit.eu for PrestaShop, a guest can perform SQL injection. The ajax script facebookConnect.php have a sensitive SQL call that can be executed with a trivial http call and exploited to forge a SQL injection...
PT-2024-27124 · Unknown · Pkfacebook +1
Name of the Vulnerable Software and Affected Versions: PrestaShop module "Facebook" pkfacebook version 1.0.1 and earlier Description: The issue allows a guest to perform SQL injection. The facebookConnect.php script contains a sensitive SQL call that can be executed with a trivial HTTP call, maki...
CVE-2023-46352
In the module "Pixel Plus: Events + CAPI + Pixel Catalog for Facebook Module" facebookconversiontrackingplus up to version 2.4.9 from Smart Modules for PrestaShop, a guest can download personal information without restriction. Due to a lack of permissions control, a guest can access exports from...
CVE-2023-46352
In the module "Pixel Plus: Events + CAPI + Pixel Catalog for Facebook Module" facebookconversiontrackingplus up to version 2.4.9 from Smart Modules for PrestaShop, a guest can download personal information without restriction. Due to a lack of permissions control, a guest can access exports from...
Design/Logic Flaw
In the module "Pixel Plus: Events + CAPI + Pixel Catalog for Facebook Module" facebookconversiontrackingplus up to version 2.4.9 from Smart Modules for PrestaShop, a guest can download personal information without restriction. Due to a lack of permissions control, a guest can access exports from...
CVE-2023-46352
In the module "Pixel Plus: Events + CAPI + Pixel Catalog for Facebook Module" facebookconversiontrackingplus up to version 2.4.9 from Smart Modules for PrestaShop, a guest can download personal information without restriction. Due to a lack of permissions control, a guest can access exports from...
CVE-2023-46352
In CVE-2023-46352, the Pixel Plus: Events + CAPI + Pixel Catalog for Facebook Module (PrestaShop Smart Modules) up to version 2.4.9 exposes a permissions flaw that lets a guest download exports, leaking personal data from the ps_customer table (name, surname, email). Root cause: lack of proper ac...
PT-2023-29972 · Facebook · Pixel Plus: Events + Capi + Pixel Catalog For Facebook Module
Name of the Vulnerable Software and Affected Versions: Pixel Plus: Events + CAPI + Pixel Catalog for Facebook Module version 2.4.9 Description: The issue is related to a lack of permissions control in the module, allowing a guest to download personal information without restriction. This can lead...