CVE-2024-36681
SQL Injection vulnerability in the module "Isotope" pkisotope =1.7.3 from Promokit.eu for PrestaShop allows attackers to obtain sensitive information and cause other impacts via pkisotope::saveData and pkisotope::removeData methods...
CVE-2024-36682
In the module "Theme settings" pkthemesettings = 1.8.8 from Promokit.eu for PrestaShop, a guest can download all emails collected while the shop is in maintenance mode. Due to a lack of permissions control, a guest can access the txt file which collects emails when maintenance is enabled, which can lead t...
CVE-2024-36681
The CVE-2024-36681 entry concerns the PrestaShop module Isotope (pk_isotope) version
CVE-2024-36684
In the module "Custom links" pkcustomlinks = 2.3 from Promokit.eu for PrestaShop, a guest can perform SQL injection. The script ajax.php has a sensitive SQL call that can be executed with a trivial HTTP call and exploited to forge a SQL injection...
CVE-2024-36678
In the module "Theme settings" pkthemesettings = 1.8.8 from Promokit.eu for PrestaShop, a guest can perform SQL injection. The script ajax.php has a sensitive SQL call that can be executed with a trivial HTTP call and exploited to forge a SQL injection...
CVE-2024-36680
In the module "Facebook" pkfacebook =1.0.1 from Promokit.eu for PrestaShop, a guest can perform SQL injection. The ajax script facebookConnect.php has a sensitive SQL call that can be executed with a trivial HTTP call and exploited to forge a SQL injection...
CVE-2024-36680
The CVE-2024-36680 issue affects the PrestaShop module pkfacebook (Facebook)
CVE-2024-36678
CVE-2024-36678 affects PrestaShop’s Promokit.eu module Theme settings (pk_themesettings) version
CVE-2024-36684
CVE-2024-36684 affects the PrestaShop module “Custom links” (pk_customlinks) up to version 2.3 from Promokit.eu. The issue enables a Guest to perform SQL injection via the script ajax.php, which contains a sensitive SQL call that can be triggered with a trivial HTTP request. The documented impact...