EUVD-2022-48316

Malicious code in bioql PyPI...

EUVD-2022-48315

Malicious code in bioql PyPI...

CVE-2023-50029

PHP Injection vulnerability in the module "M4 PDF Extensions" m4pdf up to version 3.3.2 from PrestaAddons for PrestaShop allows attackers to run arbitrary code via the M4PDF::saveTemplate method...

CVE-2023-50029

PHP Injection vulnerability in the module "M4 PDF Extensions" m4pdf up to version 3.3.2 from PrestaAddons for PrestaShop allows attackers to run arbitrary code via the M4PDF::saveTemplate method...

CVE-2023-50029

PHP Injection vulnerability in the module "M4 PDF Extensions" m4pdf up to version 3.3.2 from PrestaAddons for PrestaShop allows attackers to run arbitrary code via the M4PDF::saveTemplate method...

CVE-2023-50029

PHP Injection vulnerability in the module "M4 PDF Extensions" m4pdf up to version 3.3.2 from PrestaAddons for PrestaShop allows attackers to run arbitrary code via the M4PDF::saveTemplate method...

PT-2024-13851 · Prestashop · Prestashop M4 Pdf Extensions Module

Name of the Vulnerable Software and Affected Versions: PrestaShop M4 PDF Extensions module versions up to 3.3.2 Description: The issue allows attackers to run arbitrary code via the M4PDF::saveTemplate method, potentially leading to code injection attacks. This could enable malicious activities,...

CVE-2023-50029

CVE-2023-50029 affects PrestaShop’s M4 PDF Extensions (m4pdf) module up to version 3.3.2 by PrestaAddons. The vulnerability allows PHP injection through M4PDF::saveTemplate(), enabling arbitrary code execution. Documented impact is critical (CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). No expl...

CVE-2022-45448

M4 PDF plugin for Prestashop sites, in its 3.2.3 version and before, is vulnerable to an arbitrary HTML Document crafting vulnerability. The resource /m4pdf/pdf.php uses templates to dynamically create documents. In the case that the template does not exist, the application will return a fixed...

Design/Logic Flaw

M4 PDF plugin for Prestashop sites, in its 3.2.3 version and before, is vulnerable to an arbitrary HTML Document crafting vulnerability. The resource /m4pdf/pdf.php uses templates to dynamically create documents. In the case that the template does not exist, the application will return a fixed...

CVE-2022-45448

The CVE-2022-45448 vulnerability affects the M4 PDF plugin for Prestashop sites, versions 3.2.3 and earlier. The flaw arises in /m4pdf/pdf.php, which uses templates to generate documents; if a requested template does not exist, a fixed MPDF-formatted document is returned. An attacker can exploit ...

CVE-2022-45448 Cross-site Scripting in M4 PDF plugin for Prestashop sites

M4 PDF plugin for Prestashop sites, in its 3.2.3 version and before, is vulnerable to an arbitrary HTML Document crafting vulnerability. The resource /m4pdf/pdf.php uses templates to dynamically create documents. In the case that the template does not exist, the application will return a fixed...

CVE-2022-45447

M4 PDF plugin for Prestashop sites, in its 3.2.3 version and before, is vulnerable to a directory traversal vulnerability. The “f” parameter is not properly checked in the resource /m4pdf/pdf.php, returning any file given its relative path. An attacker that exploits this vulnerability could...

Directory traversal

M4 PDF plugin for Prestashop sites, in its 3.2.3 version and before, is vulnerable to a directory traversal vulnerability. The “f” parameter is not properly checked in the resource /m4pdf/pdf.php, returning any file given its relative path. An attacker that exploits this vulnerability could...

CVE-2022-45447 Path Traversal in M4 PDF plugin for Prestashop sites

M4 PDF plugin for Prestashop sites, in its 3.2.3 version and before, is vulnerable to a directory traversal vulnerability. The “f” parameter is not properly checked in the resource /m4pdf/pdf.php, returning any file given its relative path. An attacker that exploits this vulnerability could...

CVE-2022-45447

The CVE-2022-45447 entry describes a directory-traversal vulnerability in the M4 PDF plugin for Prestashop (versions 3.2.3 and earlier). The flaw resides in the f parameter handling of the /m4pdf/pdf.php resource, which does not properly validate the requested relative path, enabling an attacker ...

PT-2023-14671 · Prestashop · M4 Pdf Plugin

Name of the Vulnerable Software and Affected Versions: M4 PDF plugin for Prestashop sites versions 3.2.3 and before Description: The M4 PDF plugin for Prestashop sites is vulnerable to an arbitrary HTML Document crafting vulnerability. The resource "/m4pdf/pdf.php" uses templates to dynamically...

Prestashop plugin M4 PDF cross-site scripting vulnerability

PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides a variety of payment methods, short message alerts and product image scaling and other features. A security vulnerability exists in Prestashop plugin M4 PDF 3.2.3 and earlier version...

Prestashop Path Traversal Vulnerability

PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The program provides a variety of payment methods, short message alerts and product image zoom and other features. Prestashop plugin M4 PDF 3.2.3 and previous versions of a security vulnerability , the...