18 matches found
EUVD-2023-50576
Malicious code in bioql PyPI...
EUVD-2023-50575
Malicious code in bioql PyPI...
CVE-2023-46356
In the module "CSV Feeds PRO" csvfeeds before 2.6.1 from Bl Modules for PrestaShop, a guest can perform SQL injection. The method SearchApiCsv::getProducts has sensitive SQL call that can be executed with a trivial http call and exploited to forge a SQL injection...
CVE-2023-46355
In the module "CSV Feeds PRO" csvfeeds 2.6.1 from Bl Modules for PrestaShop, a guest can download personal information without restriction. Due to too permissive access control which does not force administrator to use password on feeds, a guest can access exports from the module which can lead t...
CVE-2023-46355
In the module "CSV Feeds PRO" csvfeeds 2.6.1 from Bl Modules for PrestaShop, a guest can download personal information without restriction. Due to too permissive access control which does not force administrator to use password on feeds, a guest can access exports from the module which can lead t...
CVE-2023-46355
In the module "CSV Feeds PRO" csvfeeds 2.6.1 from Bl Modules for PrestaShop, a guest can download personal information without restriction. Due to too permissive access control which does not force administrator to use password on feeds, a guest can access exports from the module which can lead t...
Default credentials
In the module "CSV Feeds PRO" csvfeeds 2.6.1 from Bl Modules for PrestaShop, a guest can download personal information without restriction. Due to too permissive access control which does not force administrator to use password on feeds, a guest can access exports from the module which can lead t...
CVE-2023-46355
CVE-2023-46355—CSV Feeds PRO (PrestaShop) affects Bl Modules csvfeeds module prior to version 2.6.1. The root cause is overly permissive access control that does not require an administrator to authenticate when accessing feeds, allowing guests to download exports and potentially leak personal da...
CVE-2023-46355
In the module "CSV Feeds PRO" csvfeeds 2.6.1 from Bl Modules for PrestaShop, a guest can download personal information without restriction. Due to too permissive access control which does not force administrator to use password on feeds, a guest can access exports from the module which can lead t...
CVE-2023-46356
In the module "CSV Feeds PRO" csvfeeds before 2.6.1 from Bl Modules for PrestaShop, a guest can perform SQL injection. The method SearchApiCsv::getProducts has sensitive SQL call that can be executed with a trivial http call and exploited to forge a SQL injection...
CVE-2023-46356
In the module "CSV Feeds PRO" csvfeeds before 2.6.1 from Bl Modules for PrestaShop, a guest can perform SQL injection. The method SearchApiCsv::getProducts has sensitive SQL call that can be executed with a trivial http call and exploited to forge a SQL injection...
CVE-2023-46356
In the module "CSV Feeds PRO" csvfeeds before 2.6.1 from Bl Modules for PrestaShop, a guest can perform SQL injection. The method SearchApiCsv::getProducts has sensitive SQL call that can be executed with a trivial http call and exploited to forge a SQL injection...
Sql injection
In the module "CSV Feeds PRO" csvfeeds before 2.6.1 from Bl Modules for PrestaShop, a guest can perform SQL injection. The method SearchApiCsv::getProducts has sensitive SQL call that can be executed with a trivial http call and exploited to forge a SQL injection...
PrestaShop Security Breach
PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution offers multiple payment methods, short message alerts and product image zoom. A security vulnerability exists in PrestaShop CSV Feeds PRO prior to version 2.6.1, which stems from the...
PT-2023-29976 · Prestashop · Csv Feeds Pro
Name of the Vulnerable Software and Affected Versions: PrestaShop module CSV Feeds PRO versions prior to 2.6.1 Description: The issue allows a guest to perform SQL injection due to a sensitive SQL call in the SearchApiCsv::getProducts method. This can be exploited with a trivial HTTP call, allowi...
CVE-2023-46356
In the module "CSV Feeds PRO" csvfeeds before 2.6.1 from Bl Modules for PrestaShop, a guest can perform SQL injection. The method SearchApiCsv::getProducts has sensitive SQL call that can be executed with a trivial http call and exploited to forge a SQL injection...
CVE-2023-46356
In the module "CSV Feeds PRO" csvfeeds before 2.6.1 from Bl Modules for PrestaShop, a guest can perform SQL injection. The method SearchApiCsv::getProducts has sensitive SQL call that can be executed with a trivial http call and exploited to forge a SQL injection...
CVE-2023-46356
CVE-2023-46356 affects PrestaShop module CSV Feeds PRO prior to 2.6.1. The vulnerability is a SQL injection in SearchApiCsv::getProducts(), exploitable by a guest via a trivial HTTP request due to a sensitive SQL call. Impact is high (potential data compromise/alteration and service disruption) a...