2746 matches found
PrestaShop `tshirtecommerce` Module - SQL Injection
The tshirtecommerce module for PrestaShop is vulnerable to unauthenticated SQL injection via the designer endpoint, allowing attackers to execute arbitrary SQL queries and extract sensitive information from the database. id: CVE-2023-27637 info: name: PrestaShop tshirtecommerce Module - SQL...
PrestaShop productsalert - SQL Injection
In the module 'Products Alert' productsalert up to version 1.7.4 from Smart Modules for PrestaShop, a guest can perform SQL injection in affected versions. id: CVE-2024-36683 info: name: PrestaShop productsalert - SQL Injection author: mastercho severity: critical description: | In the module...
PrestaShop 1.7.7.0 - SQL Injection
PrestaShop 1.7.7.0 contains a SQL injection vulnerability via the store system. It allows time-based boolean SQL injection via the module=productcomments controller=CommentGrade idproducts parameter. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized...
PrestaShop Product Comments <4.2.0 - SQL Injection
PrestaShop Product Comments module before version 4.2.1 contains a SQL injection vulnerability, An attacker can use a blind SQL injection to retrieve data or stop the MySQL service, thereby possibly obtaining sensitive information, modifying data, and/or executing unauthorized administrative...
PrestaShop Theme Volty CMS Blog - SQL Injection
In the module 'Theme Volty CMS Blog' tvcmsblog up to versions 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions. id: CVE-2023-39650 info: name: PrestaShop Theme Volty CMS Blog - SQL Injection author: mastercho severity: critical description: | In the...
PrestaShop xipblog - SQL Injection
In the blog module xipblog, an anonymous user can perform SQL injection. Even though the module has been patched in version 2.0.1, the version number was not incremented at the time. id: CVE-2023-27847 info: name: PrestaShop xipblog - SQL Injection author: mastercho severity: critical description...
PrestaShop MyPrestaModules - PhpInfo Disclosure
PrestaShop modules by MyPrestaModules expose PHPInfo id: CVE-2023-39677 info: name: PrestaShop MyPrestaModules - PhpInfo Disclosure author: meme-lord severity: high description: | PrestaShop modules by MyPrestaModules expose PHPInfo remediation: | Apply the latest security patches and updates fro...
PrestaShop Step by Step products Pack - SQL Injection
In the module “Step by Step products Pack” ndksteppingpack up to 1.5.6 from NDK Design for PrestaShop, a guest can perform SQL injection in affected versions. id: CVE-2023-46347 info: name: PrestaShop Step by Step products Pack - SQL Injection author: MaStErChO severity: critical description: | I...
PrestaShop - SQL Injection to Eval Injection
PrestaShop versions from 1.6.0.10 and before 1.7.8.7 contain an SQL injection caused by unsanitized user input, letting attackers chain the vulnerability to call PHP's Eval function, exploit requires attacker to send malicious input. id: CVE-2022-31181 info: name: PrestaShop - SQL Injection to Ev...
tshirtecommerce PrestaShop Module - SQL Injection
The tshirtecommerce module for PrestaShop is vulnerable to unauthenticated SQL injection via the tshirtecommercedesigncartid parameter, allowing attackers to execute arbitrary SQL queries and extract sensitive information from the database. This is due to lack of input sanitization, as shown in t...
PrestaShop < 1.7.6.6 - Information Exposure via Upload Directory
PrestaShop versions after 1.5.0.0 and before 1.7.6.6 are vulnerable to information exposure through directory listing in the upload directory due to a missing index.php file. id: CVE-2020-15081 info: name: PrestaShop 1.7.6.6 - Information Exposure via Upload Directory author: 0xAkoko severity: lo...
Prestashop Blockwishlist 2.1.0 SQL Injection
Prestashop Blockwishlist module version 2.1.0 suffers from a remote authenticated SQL injection vulnerability. id: CVE-2022-31101 info: name: Prestashop Blockwishlist 2.1.0 SQL Injection author: mastercho severity: high description: | Prestashop Blockwishlist module version 2.1.0 suffers from a...
Prestashop posstaticfooter <= 1.0.0 - SQL Injection
Prestashop posstaticfooter = 1.0.0 is vulnerable to SQL Injection via posstaticfooter::getPosCurrentHook. id: CVE-2023-30194 info: name: Prestashop posstaticfooter = 1.0.0 - SQL Injection author: daffainfo severity: critical description: | Prestashop posstaticfooter = 1.0.0 is vulnerable to SQL...
PrestaShop AdvancedPopupCreator - SQL Injection
In the module “Advanced Popup Creator” advancedpopupcreator from Idnovate for PrestaShop, a guest can perform SQL injection in affected versions. id: CVE-2023-27032 info: name: PrestaShop AdvancedPopupCreator - SQL Injection author: MaStErChO severity: critical description: | In the module...
PrestaShop tshirtecommerce - Directory Traversal
The Custom Product Designer tshirtecommerce module for PrestaShop allows HTTP requests to be forged using POST and GET parameters, enabling a remote attacker to perform directory traversal on the system and view the contents of code files. id: CVE-2023-27640 info: name: PrestaShop tshirtecommerce...
PrestaShop leocustomajax 1.0 & 1.0.0 - SQL Injection
PrestaShop leocustomajax 1.0 and 1.0.0 are vulnerable to SQL Injection via modules/leocustomajax/leoajax.php. id: CVE-2023-30150 info: name: PrestaShop leocustomajax 1.0 & 1.0.0 - SQL Injection author: mastercho severity: critical description: | PrestaShop leocustomajax 1.0 and 1.0.0 are vulnerab...
PrestaShop TshirteCommerce - Directory Traversal
The Custom Product Designer tshirtecommerce module for PrestaShop allows HTTP requests to be forged using POST and GET parameters, enabling a remote attacker to perform directory traversal on the system and view the contents of code files. id: CVE-2023-27639 info: name: PrestaShop TshirteCommerce...
PrestaShop fieldpopupnewsletter Module - Cross Site Scripting
Fieldpopupnewsletter Prestashop Module v1.0.0 was discovered to contain a reflected cross-site scripting XSS vulnerability via the callback parameter at ajax.php. id: CVE-2023-39676 info: name: PrestaShop fieldpopupnewsletter Module - Cross Site Scripting author: meme-lord severity: medium...
PrestaShop 'possearchproducts' <= 1.7 - SQL Injection
In the module “Search Products” possearchproducts from PosThemes for PrestaShop, a guest can perform SQL injection in affected versions. id: CVE-2023-30192 info: name: PrestaShop 'possearchproducts' = 1.7 - SQL Injection author: mastercho severity: critical description: | In the module “Search...
PrestaShop SmartBlog <4.0.6 - SQL Injection
PrestaShop SmartBlog by SmartDataSoft 4.0.6 is vulnerable to a SQL injection vulnerability in the blog archive functionality. id: CVE-2021-37538 info: name: PrestaShop SmartBlog 4.0.6 - SQL Injection author: whoever severity: critical description: PrestaShop SmartBlog by SmartDataSoft 4.0.6 is...