EUVD-2023-40234

Malicious code in bioql PyPI...

EUVD-2023-50569

Malicious code in bioql PyPI...

CVE-2023-46347

In the module "Step by Step products Pack" ndksteppingpack version 1.5.6 and before from NDK Design for PrestaShop, a guest can perform SQL injection. The method NdkSpack::getPacks has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection...

Sql injection

In the module "Product Tag Icons Pro" ticons before 1.8.4 from MyPresta.eu for PrestaShop, a guest can perform SQL injection. The method TiconProduct::getTiconByProductAndTicon has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection...

Sql injection

In the module "Product Catalog CSV, Excel Export/Update" updateproducts 3.8.5 from MyPrestaModules for PrestaShop, a guest can perform SQL injection. The method productsUpdateModel::getExportIds has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL...

CVE-2023-45377

In the module "Chronopost Official" chronopost for PrestaShop, a guest can perform SQL injection. The script PHP cancelSkybill.php own a sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection...

CVE-2023-33279

In the Store Commander scfixmyprestashop module through 2023-05-09 for PrestaShop, sensitive SQL calls can be executed with a trivial HTTP request and exploited to forge a blind SQL injection...