
2755 matches found

Nuclei
added 16 hours ago | 35 views

PrestaShop `tshirtecommerce` Module - SQL Injection

The tshirtecommerce module for PrestaShop is vulnerable to unauthenticated SQL injection via the designer endpoint, allowing attackers to execute arbitrary SQL queries and extract sensitive information from the database. id: CVE-2023-27637 info: name: PrestaShop tshirtecommerce Module - SQL...

CVSS 9.8 | AI score 7.6 | EPSS 0.03299
Exploits: 1 | References: 4

Nuclei
added 16 hours ago | 16 views

Prestashop Blockwishlist 2.1.0 SQL Injection

Prestashop Blockwishlist module version 2.1.0 suffers from a remote authenticated SQL injection vulnerability. id: CVE-2022-31101 info: name: Prestashop Blockwishlist 2.1.0 SQL Injection author: mastercho severity: high description: | Prestashop Blockwishlist module version 2.1.0 suffers from a...

CVSS 8.8 | AI score 7.4 | EPSS 0.17963
Exploits: 6 | References: 3

Nuclei
added 16 hours ago | 36 views

PrestaShop 1.7.7.0 - SQL Injection

PrestaShop 1.7.7.0 contains a SQL injection vulnerability via the store system. It allows time-based boolean SQL injection via the module=productcomments controller=CommentGrade idproducts parameter. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized...

CVSS 9.8 | AI score 7.4 | EPSS 0.20695
Exploits: 1 | References: 5

Nuclei
added 16 hours ago | 52 views

PrestaHome Blog for PrestaShop <1.7.8 - SQL Injection

PrestaHome Blog for PrestaShop prior to version 1.7.8 is vulnerable to blind SQL injection via the sbcategory parameter. id: CVE-2021-36748 info: name: PrestaHome Blog for PrestaShop <1.7.8 - SQL Injection author: whoever severity: high description: PrestaHome Blog for PrestaShop prior to versio...

CVSS 7.5 | AI score 7.2 | EPSS 0.14837
Exploits: 2 | References: 5

Nuclei
added 16 hours ago | 49 views

PrestaShop Product Comments <4.2.0 - SQL Injection

PrestaShop Product Comments module before version 4.2.1 contains a SQL injection vulnerability. An attacker can use a blind SQL injection to retrieve data or stop the MySQL service, thereby possibly obtaining sensitive information, modifying data, and/or executing unauthorized administrative...

CVSS 8.2 | AI score 7.3 | EPSS 0.12388
Exploits: 3 | References: 5

Nuclei
added 16 hours ago | 15 views

PrestaShop fieldpopupnewsletter Module - Cross Site Scripting

Fieldpopupnewsletter Prestashop Module v1.0.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the callback parameter at ajax.php. id: CVE-2023-39676 info: name: PrestaShop fieldpopupnewsletter Module - Cross Site Scripting author: meme-lord severity: medium...

CVSS 6.1 | AI score 6.2 | EPSS 0.01343
Exploits: 1 | References: 3

Nuclei
added 16 hours ago | 197 views

PrestaShop AP Pagebuilder <= 2.4.4 - SQL Injection

A SQL injection vulnerability in the productalloneimg and imageproduct parameters of the ApolloTheme AP PageBuilder component through 2.4.4 for PrestaShop allows unauthenticated attackers to exfiltrate database data. id: CVE-2022-22897 info: name: PrestaShop AP Pagebuilder <= 2.4.4 - SQL Injection...

CVSS 9.8 | AI score 7.3 | EPSS 0.1022
Exploits: 3 | References: 3

Nuclei
added 16 hours ago | 58 views

PrestaShop PireosPay - SQL Injection

In the module “PireosPay” pireospay up to version 1.7.9 from 01generator.com for PrestaShop, a guest can perform SQL injection in affected versions. id: CVE-2023-45375 info: name: PrestaShop PireosPay - SQL Injection author: MaStErChO severity: high description: | In the module “PireosPay”...

CVSS 8.8 | AI score 7.2 | EPSS 0.38457
Exploits: 1 | References: 2

Nuclei
added 16 hours ago | 172 views

PrestaShop AdvancedPopupCreator - SQL Injection

In the module “Advanced Popup Creator” advancedpopupcreator from Idnovate for PrestaShop, a guest can perform SQL injection in affected versions. id: CVE-2023-27032 info: name: PrestaShop AdvancedPopupCreator - SQL Injection author: MaStErChO severity: critical description: | In the module...

CVSS 9.8 | AI score 7.3 | EPSS 0.0304
Exploits: 0 | References: 2

Nuclei
added 16 hours ago | 59 views

PrestaShop productsalert - SQL Injection

In the module 'Products Alert' productsalert up to version 1.7.4 from Smart Modules for PrestaShop, a guest can perform SQL injection in affected versions. id: CVE-2024-36683 info: name: PrestaShop productsalert - SQL Injection author: mastercho severity: critical description: | In the module...

CVSS 7.3 | AI score 5.8 | EPSS 0.00963
Exploits: 0 | References: 2

Nuclei
added 16 hours ago | 20 views

PrestaShop < 1.7.6.6 - Information Exposure via Upload Directory

PrestaShop versions after 1.5.0.0 and before 1.7.6.6 are vulnerable to information exposure through directory listing in the upload directory due to a missing index.php file. id: CVE-2020-15081 info: name: PrestaShop < 1.7.6.6 - Information Exposure via Upload Directory author: 0xAkoko severity: lo...

CVSS 5.3 | AI score 6.1 | EPSS 0.01662
Exploits: 0 | References: 3

Nuclei
added 16 hours ago | 16 views

PrestaShop lgcookieslaw - SQL Injection

The EU Cookie Law GDPR Banner + Blocker PrestaShop module before 2.1.3 allows blind SQL injection via the lglaw or lgcookieslaw cookie used to store user consent choices. id: CVE-2022-44727 info: name: PrestaShop lgcookieslaw - SQL Injection author: mastercho severity: critical description: | The...

CVSS 9.1 | AI score 7.3 | EPSS 0.02298
Exploits: 1 | References: 3

Nuclei
added 16 hours ago | 147 views

Prestashop AttributeWizardPro Module - Arbitrary File Upload

The Attribute Wizard addon 1.6.9 for PrestaShop allows remote attackers to execute arbitrary code by uploading a PHP file. id: CVE-2018-10942 info: name: Prestashop AttributeWizardPro Module - Arbitrary File Upload author: MaStErChO severity: critical description: | In the Attribute Wizard add...

CVSS 9.8 | AI score 7.7 | EPSS 0.12744
Exploits: 1 | References: 3

Nuclei
added 16 hours ago | 102 views

PrestaShop TshirteCommerce - Directory Traversal

The Custom Product Designer tshirtecommerce module for PrestaShop allows HTTP requests to be forged using POST and GET parameters, enabling a remote attacker to perform directory traversal on the system and view the contents of code files. id: CVE-2023-27639 info: name: PrestaShop TshirteCommerce...

CVSS 7.5 | AI score 7.3 | EPSS 0.03551
Exploits: 1 | References: 3

Nuclei
added yesterday | 24 views

PrestaShop 'possearchproducts' <= 1.7 - SQL Injection

In the module “Search Products” possearchproducts from PosThemes for PrestaShop, a guest can perform SQL injection in affected versions. id: CVE-2023-30192 info: name: PrestaShop 'possearchproducts' <= 1.7 - SQL Injection author: mastercho severity: critical description: | In the module “Search...

CVSS 9.8 | AI score 7.3 | EPSS 0.02678
Exploits: 1 | References: 2

Nuclei
added yesterday | 124 views

PrestaShop tshirtecommerce - Directory Traversal

The Custom Product Designer tshirtecommerce module for PrestaShop allows HTTP requests to be forged using POST and GET parameters, enabling a remote attacker to perform directory traversal on the system and view the contents of code files. id: CVE-2023-27640 info: name: PrestaShop tshirtecommerce...

CVSS 7.5 | AI score 7.3 | EPSS 0.03573
Exploits: 1 | References: 3

Nuclei
added yesterday | 12 views

Prestashop posstaticfooter <= 1.0.0 - SQL Injection

Prestashop posstaticfooter <= 1.0.0 is vulnerable to SQL Injection via posstaticfooter::getPosCurrentHook. id: CVE-2023-30194 info: name: Prestashop posstaticfooter <= 1.0.0 - SQL Injection author: daffainfo severity: critical description: | Prestashop posstaticfooter <= 1.0.0 is vulnerable to SQL...

CVSS 9.8 | AI score 7.4 | EPSS 0.32413
Exploits: 1 | References: 3

Nuclei
added yesterday | 16 views

tshirtecommerce PrestaShop Module - SQL Injection

The tshirtecommerce module for PrestaShop is vulnerable to unauthenticated SQL injection via the tshirtecommercedesigncartid parameter, allowing attackers to execute arbitrary SQL queries and extract sensitive information from the database. This is due to lack of input sanitization, as shown in t...

CVSS 9.8 | AI score 7.5 | EPSS 0.03299
Exploits: 1 | References: 2

Nuclei
added yesterday | 46 views

PrestaShop xipblog - SQL Injection

In the blog module xipblog, an anonymous user can perform SQL injection. Even though the module has been patched in version 2.0.1, the version number was not incremented at the time. id: CVE-2023-27847 info: name: PrestaShop xipblog - SQL Injection author: mastercho severity: critical description...

CVSS 9.8 | AI score 7.1 | EPSS 0.04715
Exploits: 1 | References: 2

Nuclei
added yesterday | 59 views

PrestaShop Responsive Mega Menu Module - Remote Code Execution

The 'Responsive Mega Menu' module for PrestaShop is prone to a remote code execution and SQL injection vulnerability. modules/bamegamenu/ajaxphpcode.php in the Responsive Mega Menu Horizontal+Vertical+Dropdown Pro module 1.0.32 for PrestaShop allows remote attackers to execute an SQL injection or...

CVSS 9.8 | AI score 8 | EPSS 0.51572
Exploits: 1 | References: 5