CVE-2023-45387

In the module "Product Catalog CSV, Excel, XML Export PRO" exportproducts in versions up to 5.0.0 from MyPrestaModules for PrestaShop, a guest can perform SQL injection via exportProduct::addDataToDb...

CVE-2023-40923

MyPrestaModules ordersexport before v5.0 was discovered to contain multiple SQL injection vulnerabilities at send.php via the key and savesetting parameters...

EUVD-2023-49679

Malicious code in bioql PyPI...

EUVD-2023-50566

Malicious code in bioql PyPI...

EUVD-2024-23154

Malicious code in bioql PyPI...

EUVD-2023-50577

Malicious code in bioql PyPI...

EUVD-2023-50569

Malicious code in bioql PyPI...

EUVD-2023-45462

Malicious code in bioql PyPI...

CVE-2024-28396

An issue in MyPrestaModules ordersexport v.6.0.2 and before allows a remote attacker to execute arbitrary code via the download.php component...

CVE-2024-25847

SQL Injection vulnerability in MyPrestaModules "Product Catalog CSV, Excel Import" simpleimportproduct modules for PrestaShop versions 6.5.0 and before, allows attackers to escalate privileges and obtain sensitive information via Send::construct and importProducts::addDataToDb methods...

CVE-2023-46349

In the module "Product Catalog CSV, Excel Export/Update" updateproducts 3.8.5 from MyPrestaModules for PrestaShop, a guest can perform SQL injection. The method productsUpdateModel::getExportIds has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL...

CVE-2023-46357

In the module "Cross Selling in Modal Cart" motivationsale 3.5.0 from MyPrestaModules for PrestaShop, a guest can perform SQL injection. The method motivationsaleDataModel::getProductsByIds has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injectio...

CVE-2023-46346

In the module "Product Catalog CSV, Excel, XML Export PRO" exportproducts in versions up to 4.1.1 from MyPrestaModules for PrestaShop, a guest can download personal information without restriction by performing a path traversal attack. Due to a lack of permissions control and a lack of control in...

CVE-2024-28396

An issue in MyPrestaModules ordersexport v.6.0.2 and before allows a remote attacker to execute arbitrary code via the download.php component...

CVE-2024-28396

An issue in MyPrestaModules ordersexport v.6.0.2 and before allows a remote attacker to execute arbitrary code via the download.php component...

CVE-2024-28396

CVE-2024-28396 affects MyPrestaModules ordersexport, version 6.0.2 and earlier. The vulnerability resides in the download.php component and allows a remote attacker to execute arbitrary code. Public sources consistently describe a need to update to a version that contains a fix; no exploit specif...

CVE-2024-28396

An issue in MyPrestaModules ordersexport v.6.0.2 and before allows a remote attacker to execute arbitrary code via the download.php component...

PT-2024-22416 · Unknown · Myprestamodules Ordersexport

Name of the Vulnerable Software and Affected Versions: MyPrestaModules ordersexport versions 6.0.2 and earlier Description: The issue allows a remote attacker to execute arbitrary code via the "download.php" component. Recommendations: For versions 6.0.2 and earlier, update to a version that...

CVE-2024-25847

SQL Injection vulnerability in MyPrestaModules "Product Catalog CSV, Excel Import" simpleimportproduct modules for PrestaShop versions 6.5.0 and before, allows attackers to escalate privileges and obtain sensitive information via Send::construct and importProducts::addDataToDb methods...

Sql injection

SQL Injection vulnerability in MyPrestaModules "Product Catalog CSV, Excel Import" simpleimportproduct modules for PrestaShop versions 6.5.0 and before, allows attackers to escalate privileges and obtain sensitive information via Send::construct and importProducts::addDataToDb methods...