8 matches found
EUVD-2023-50573
Malicious code in bioql PyPI...
CVE-2023-46353
In the module "Product Tag Icons Pro" ticons before 1.8.4 from MyPresta.eu for PrestaShop, a guest can perform SQL injection. The method TiconProduct::getTiconByProductAndTicon has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection...
CVE-2023-46353
In the module "Product Tag Icons Pro" ticons before 1.8.4 from MyPresta.eu for PrestaShop, a guest can perform SQL injection. The method TiconProduct::getTiconByProductAndTicon has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection...
CVE-2023-46353
In the module "Product Tag Icons Pro" ticons before 1.8.4 from MyPresta.eu for PrestaShop, a guest can perform SQL injection. The method TiconProduct::getTiconByProductAndTicon has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection...
Sql injection
In the module "Product Tag Icons Pro" ticons before 1.8.4 from MyPresta.eu for PrestaShop, a guest can perform SQL injection. The method TiconProduct::getTiconByProductAndTicon has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection...
CVE-2023-46353
CVE-2023-46353 (Product Tag Icons Pro, PrestaShop) Vulnerability exists in the module before 1.8.4 where a guest can induce a SQL injection via the TiconProduct::getTiconByProductAndTicon() function due to sensitive SQL calls that can be invoked with a trivial HTTP request. The issue affects the ...
PT-2023-29973 · Unknown · Prestashop +1
Name of the Vulnerable Software and Affected Versions: Product Tag Icons Pro versions prior to 1.8.4 Description: A guest can perform SQL injection in the module Product Tag Icons Pro for PrestaShop. The method TiconProduct::getTiconByProductAndTicon has sensitive SQL calls that can be executed...
2020datashed.txt
vendor site:http://www.2020applications.com/ product:20/20 datashed bug:injection sql risk:high injection sql get : /f-email.asp?strPeopleID=1&itemID='sql /listings.asp?peopleID='sql /listings.asp?sortorder='sql laurent gaffié & benjamin mossé http://s-a-p.ca/ contact: [email protected]...