32 matches found
EUVD-2024-25489
Malicious code in bioql PyPI...
CVE-2024-28391
SQL injection vulnerability in FME Modules quickproducttable module for PrestaShop v.1.2.1 and before, allows a remote attacker to escalate privileges and obtain information via the readCsv, displayAjaxProductChangeAttr, displayAjaxProductAddToCart, getSearchProducts, and displayAjaxProductSku...
CVE-2024-33270
An issue in FME Modules fileuploads v.2.0.3 and before and fixed in v2.0.4 allows a remote attacker to obtain sensitive information via the uploadfiles.php component...
CVE-2024-33271
An issue in FME Modules eventsmanager before 4.4.0 allows an attacker to obtain sensitive information from the pscustomer component...
CVE-2024-33276
SQL Injection vulnerability in FME Modules preorderandnotication v.3.1.0 and before allows a remote attacker to run arbitrary SQL commands via the PreorderModel::getIdProductAttributesByIdAttributes method...
CVE-2024-34992
SQL Injection vulnerability in the module "Help Desk - Customer Support Management System" helpdesk up to version 2.4.0 from FME Modules for PrestaShop allows attackers to obtain sensitive information and cause other impacts via 'Tickets::getsearchedtickets'...
CVE-2024-34992
SQL Injection vulnerability in the module "Help Desk - Customer Support Management System" helpdesk up to version 2.4.0 from FME Modules for PrestaShop allows attackers to obtain sensitive information and cause other impacts via 'Tickets::getsearchedtickets'...
PT-2024-26282 · Unknown · Fme Modules For Prestashop
Name of the Vulnerable Software and Affected Versions: FME Modules for PrestaShop helpdesk module versions up to 2.4.0 Description: The issue allows attackers to obtain sensitive information and cause other impacts. It is related to the Tickets::getsearchedtickets function. Recommendations: For...
CVE-2024-34990
In the module "Help Desk - Customer Support Management System" helpdesk up to version 2.4.0 from FME Modules for PrestaShop, a customer can upload .php files. Methods HelpdeskHelpdeskModuleFrontController::submitTicket and HelpdeskHelpdeskModuleFrontController::replyTicket allow upload of .php...
CVE-2024-33274
Directory Traversal vulnerability in FME Modules customfields v.2.2.7 and before allows a remote attacker to obtain sensitive information via the Custom Checkout Fields, Add Custom Fields to Checkout parameter of the ajax.php...
CVE-2024-33270
An issue in FME Modules fileuploads v.2.0.3 and before and fixed in v2.0.4 allows a remote attacker to obtain sensitive information via the uploadfiles.php component...
CVE-2024-33274
Directory Traversal vulnerability in FME Modules customfields v.2.2.7 and before allows a remote attacker to obtain sensitive information via the Custom Checkout Fields, Add Custom Fields to Checkout parameter of the ajax.php...
CVE-2024-33274
Directory Traversal vulnerability in FME Modules customfields v.2.2.7 and before allows a remote attacker to obtain sensitive information via the Custom Checkout Fields, Add Custom Fields to Checkout parameter of the ajax.php...
CVE-2024-33270
The CVE-2024-33270 vulnerability affects FME Modules fileuploads (version 2.0.3 and earlier; fixed in 2.0.4). A flaw in the uploadfiles.php component allows a remote attacker to obtain sensitive information. Impact is information disclosure; no data integrity or availability impact noted in the p...
PT-2024-25185 · Unknown · Fme Modules Customfields
Name of the Vulnerable Software and Affected Versions: FME Modules customfields versions 2.2.7 and before Description: A Directory Traversal issue allows a remote attacker to obtain sensitive information via the "Custom Checkout Fields, Add Custom Fields to Checkout" parameter of the "ajax.php"...
CVE-2024-33270
An issue in FME Modules fileuploads v.2.0.3 and before and fixed in v2.0.4 allows a remote attacker to obtain sensitive information via the uploadfiles.php component...
PT-2024-25181 · Unknown · Fme Modules Fileuploads
Name of the Vulnerable Software and Affected Versions: FME Modules fileuploads versions 2.0.3 and earlier Description: An issue in FME Modules fileuploads allows a remote attacker to obtain sensitive information via the "uploadfiles.php" component. Recommendations: For versions 2.0.3 and earlier,...
CVE-2024-33276
SQL Injection vulnerability in FME Modules preorderandnotication v.3.1.0 and before allows a remote attacker to run arbitrary SQL commands via the PreorderModel::getIdProductAttributesByIdAttributes method...
CVE-2024-33271
An issue in FME Modules eventsmanager before 4.4.0 allows an attacker to obtain sensitive information from the pscustomer component...
CVE-2024-33276
CVE-2024-33276 affects the FME Modules preorderandnotication (versions 3.1.0 and earlier). The root cause is a SQL injection in PreorderModel::getIdProductAttributesByIdAttributes(), enabling remote attackers to execute arbitrary SQL commands. Documents do not specify a patch version or concrete ...