Lucene search
K

30 matches found

Positive Technologies
Positive Technologies
added 2023/05/25 12:0 a.m.3 views

PT-2023-24263 · Prestashop · Store Commander Scfixmyprestashop Module

Name of the Vulnerable Software and Affected Versions: Store Commander scfixmyprestashop module through 2023-05-09 for PrestaShop Description: The issue allows sensitive SQL calls to be executed with a trivial HTTP request, which can be exploited to forge a blind SQL injection. Recommendations: F...

9.8CVSS8.2AI score0.00602EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/05/25 12:0 a.m.8 views

CVE-2023-33280

In the Store Commander scquickaccounting module for PrestaShop through 3.7.3, multiple sensitive SQL calls can be executed with a trivial HTTP request and exploited to forge a blind SQL injection...

7.8AI score0.0062EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/05/25 12:0 a.m.3 views

PT-2023-24265 · Prestashop +1 · Store Commander Scquickaccounting Module +1

Name of the Vulnerable Software and Affected Versions: Store Commander scquickaccounting module for PrestaShop versions through 3.7.3 Description: The issue allows multiple sensitive SQL calls to be executed with a trivial HTTP request, which can be exploited to forge a blind SQL injection...

9.8CVSS7.8AI score0.0062EPSS
Exploits0References4
CVE
CVE
added 2023/05/25 12:0 a.m.38 views

CVE-2023-33278

CVE-2023-33278 affects the PrestaShop Store Commander scexportcustomers module up to version 3.6.1. The root cause is that sensitive SQL calls can be triggered by a trivial HTTP request, enabling a blind SQL injection. Impact is high on confidentiality, integrity and availability as described in ...

9.8CVSS9.7AI score0.0062EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2023/05/25 12:0 a.m.36 views

CVE-2023-33279

The CVE-2023-33279 issue affects the Store Commander scfixmyprestashop module for PrestaShop (through 2023-05-09). The vulnerability enables sensitive SQL calls to be triggered by a trivial HTTP request, enabling exploitation of a blind SQL injection. Affected component: Store Commander scfixmypr...

9.8CVSS9.7AI score0.00602EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/05/25 12:0 a.m.46 views

CVE-2023-33280

CVE-2023-33280 affects the Store Commander scquickaccounting module for PrestaShop up to version 3.7.3. The vulnerability allows multiple sensitive SQL calls to be performed via a trivial HTTP request, enabling a blind SQL injection. The CVSS vector provided indicates Network access, low attack c...

9.8CVSS9.7AI score0.0062EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/05/25 12:0 a.m.6 views

CVE-2023-33278

In the Store Commander scexportcustomers module for PrestaShop through 3.6.1, sensitive SQL calls can be executed with a trivial HTTP request and exploited to forge a blind SQL injection...

7.8AI score0.0062EPSS
Exploits0References2
NVD
NVD
added 2023/05/16 8:15 p.m.19 views

CVE-2023-30281

Insecure permissions vulnerability was discovered, due to a lack of permissions’s control in scquickaccounting before v3.7.3 from Store Commander for PrestaShop, a guest can access exports from the module which can lead to leak of personnal informations from pscustomer table sush as name / surnam...

7.5CVSS6.4AI score0.00474EPSS
Exploits0References1
CVE
CVE
added 2023/05/16 12:0 a.m.40 views

CVE-2023-30281

The CVE-2023-30281 entry affects Store Commander for PrestaShop, specifically scquickaccounting versions prior to 3.7.3. The underlying issue is insecure permissions that fail to restrict access to exports, allowing a guest to access data that is exported by the module. The practical impact state...

7.5CVSS6.3AI score0.00474EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/05/16 12:0 a.m.24 views

CVE-2023-30281

Insecure permissions vulnerability was discovered, due to a lack of permissions’s control in scquickaccounting before v3.7.3 from Store Commander for PrestaShop, a guest can access exports from the module which can lead to leak of personnal informations from pscustomer table sush as name / surnam...

6.6AI score0.00474EPSS
Exploits0References1
Rows per page
Query Builder