41 matches found

Positive Technologies
added 2023/11/04 12:00 a.m. · 3 views

PT-2023-27702 · Kerawen · Kerawen

Name of the Vulnerable Software and Affected Versions: Kerawen versions prior to 2.5.1
Description: The issue is related to a SQL injection vulnerability. It occurs via the ocs id cart parameter at the KerawenDeliveryModuleFrontController::initContent function.
Recommendations: For versions prior...

CVSS 9.8 · AI score 9.7 · EPSS 0.00066
Exploits: 0 · References: 3

ATTACKERKB
added 2023/10/31 2:15 a.m. · 2 views

CVE-2023-45899

An issue in the component SuperUserSetuserModuleFrontController:init of idnovate superuser before v2.4.2 allows attackers to bypass authentication via a crafted HTTP call...

CVSS 7.5 · AI score 5.8 · EPSS 0.00052
Exploits: 1 · References: 2

CNNVD
added 2023/10/31 12:00 a.m. · 2 views

PrestaShop Security Breach

PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides multiple payment methods, short message alerts and product image zoom and other features. A security vulnerability exists in PrestaShop idnovate superuser before version v2.4.2, whic...

CVSS 7.5 · AI score 6.9 · EPSS 0.00052
Exploits: 1 · References: 2

OSV
added 2023/10/17 5:15 a.m. · 1 view

CVE-2023-45375

In the module "PireosPay" pireospay before version 1.7.10 from 01generator.com for PrestaShop, a guest can perform SQL injection via PireosPayValidationModuleFrontController::postProcess...

CVSS 8.8 · AI score 5.8 · EPSS 0.85241
Exploits: 1 · References: 1

CNNVD
added 2023/10/05 12:00 a.m. · 2 views

PrestaShop SQL Injection Vulnerability

PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides multiple payment methods, SMS alerts, and product image scaling. A security vulnerability exists in PrestaShop, which originates from Prixan prixanconnect's...

CVSS 9.8 · AI score 8 · EPSS 0.0007
Exploits: 1 · References: 2

OSV
added 2023/09/21 5:15 p.m. · 1 view

CVE-2023-34577

SQL injection vulnerability in Prestashop opartplannedpopup 1.4.11 and earlier allows remote attackers to run arbitrary SQL commands via OpartPlannedPopupModuleFrontController::prepareHook method...

CVSS 9.8 · AI score 6
Exploits: 0 · References: 1

OSV
added 2023/09/20 10:15 p.m. · 2 views

CVE-2023-34575

SQL injection vulnerability in PrestaShop opartsavecart through 2.0.7 allows remote attackers to run arbitrary SQL commands via OpartSaveCartDefaultModuleFrontController::initContent and OpartSaveCartDefaultModuleFrontController::displayAjaxSendCartByEmail methods...

CVSS 9.8 · AI score 6
Exploits: 0 · References: 1

ATTACKERKB
added 2023/09/15 12:15 a.m. · 1 view

CVE-2023-39642

Carts Guru cartsguru up to v2.4.2 was discovered to contain a SQL injection vulnerability via the component CartsGuruCatalogModuleFrontController::display...

CVSS 9.8 · AI score 5.7 · EPSS 0.00173
Exploits: 1 · References: 3

OSV
added 2023/09/15 12:15 a.m. · 1 view

CVE-2023-39641

Active Design psaffiliate before v1.9.8 was discovered to contain a SQL injection vulnerability via the component PsaffiliateGetaffiliatesdetailsModuleFrontController::initContent...

CVSS 9.8 · AI score 5.8 · EPSS 0.00188
Exploits: 1 · References: 2

CNNVD
added 2023/09/14 12:00 a.m. · 3 views

Active Design psaffiliate SQL Injection Vulnerability

Active Design psaffiliate is an application from Active Design. A security vulnerability exists in Active Design psaffiliate versions prior to v1.9.8, which stems from the component PsaffiliateGetaffiliatesdetailsModuleFrontController::initContent that contains an SQL injection vulnerability...

CVSS 9.8 · AI score 7.8 · EPSS 0.00188
Exploits: 1 · References: 4

OSV
added 2023/08/28 9:15 p.m. · 3 views

CVE-2023-39652

theme volty tvcmsvideotab up to v4.0.0 was discovered to contain a SQL injection vulnerability via the component TvcmsVideoTabConfirmDeleteModuleFrontController::run...

CVSS 9.8 · AI score 5.7 · EPSS 0.0009
Exploits: 0 · References: 2

ATTACKERKB
added 2023/07/18 7:15 p.m. · 5 views

CVE-2023-30153

An SQL injection vulnerability in the Payplug payplug module for PrestaShop, in versions 3.6.0, 3.6.1, 3.6.2, 3.6.3, 3.7.0 and 3.7.1, allows remote attackers to execute arbitrary SQL commands via the ajax.php front controller...

CVSS 9.8 · AI score 7.6 · EPSS 0.0034
Exploits: 1 · References: 3

Positive Technologies
added 2023/05/17 12:00 a.m. · 2 views

PT-2023-22574 · Prestashop · Prestashop Cdesigner

Name of the Vulnerable Software and Affected Versions: PrestaShop cdesigner versions prior to 3.1.9
Description: The issue is related to SQL Injection via the CdesignerTraitementModuleFrontController::initContent function.
Recommendations: For versions prior to 3.1.9, update to version 3.1.9 or...

CVSS 9.8 · AI score 8.4 · EPSS 0.0025
Exploits: 1 · References: 3

Positive Technologies
added 2023/04/10 12:00 a.m. · 2 views

PT-2023-20831 · Prestashop · Prestashop Igbudget

Name of the Vulnerable Software and Affected Versions: PrestaShop Igbudget versions 1.0.3 and earlier
Description: A SQL injection issue allows a remote attacker to gain privileges via the LgBudgetBudgetModuleFrontController::displayAjaxGenerateBudget component. This enables the attacker to...

CVSS 8.8 · AI score 8.2 · EPSS 0.005
Exploits: 1 · References: 5

CNNVD
added 2023/04/07 12:00 a.m. · 2 views

PrestaShop cdesigner Code Issue Vulnerability

PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides multiple payment methods, short message alerts and product image scaling. A security vulnerability exists in PrestaShop cdesigner version v3.1.3 through v3.1.8, which originates from...

CVSS 9.8 · AI score 8.3 · EPSS 0.00411
Exploits: 1 · References: 3

NVD
added 2023/03/22 1:15 p.m. · 9 views

CVE-2023-27637

An issue was discovered in the tshirtecommerce aka Custom Product Designer component 2.1.4 for PrestaShop. An HTTP request can be forged with a compromised productid GET parameter in order to exploit an insecure parameter in the front controller file designer.php, which could lead to a SQL...

CVSS 9.8 · AI score 9.7 · EPSS 0.32749
Exploits: 1 · References: 3

OSV
added 2023/03/22 1:15 p.m. · 1 view

CVE-2023-27637

An issue was discovered in the tshirtecommerce aka Custom Product Designer component 2.1.4 for PrestaShop. An HTTP request can be forged with a compromised productid GET parameter in order to exploit an insecure parameter in the front controller file designer.php, which could lead to a SQL...

CVSS 9.8 · AI score 7.2 · EPSS 0.32749
Exploits: 1 · References: 3

Prion
added 2023/03/22 1:15 p.m. · 12 views

SQL injection

An issue was discovered in the tshirtecommerce aka Custom Product Designer component 2.1.4 for PrestaShop. An HTTP request can be forged with a compromised productid GET parameter in order to exploit an insecure parameter in the front controller file designer.php, which could lead to a SQL...

CVSS 7.5 · AI score 9.6 · EPSS 0.32749
Exploits: 1 · References: 3 · Affected Software: 1

Cvelist
added 2023/03/22 12:00 a.m. · 13 views

CVE-2023-27637

An issue was discovered in the tshirtecommerce aka Custom Product Designer component 2.1.4 for PrestaShop. An HTTP request can be forged with a compromised productid GET parameter in order to exploit an insecure parameter in the front controller file designer.php, which could lead to a SQL...

AI score 9.9 · EPSS 0.32749
Exploits: 1 · References: 3

ATTACKERKB
added 2022/06/09 4:15 p.m. · 2 views

CVE-2022-30760

An Insecure Direct Object Reference (IDOR) issue in fn2Web in ihb eG FlexNow before 2.04.09.016 allows remote authenticated attackers to obtain sensitive student information (final grades, study courses, degrees) by changing the student ID parameter in the HTTP POST request to the FrontControllerSS...

CVSS 4.3 · AI score 5.9 · EPSS 0.00134
Exploits: 1 · References: 3