SQL Injection exists in the JMS Music 1.1.1 component for Joomla! via a search with the keyword, artist, or username parameter.
9.8CVSS
9.7AI Score
0.003EPSS
9.8CVSS
9.8AI Score
0.038EPSS
PrestaShop jmsmegamenu 1.1.x and 2.0.x is vulnerable to SQL Injection via ajax_jmsmegamenu.php.
9.8CVSS
9.8AI Score
0.001EPSS
PrestaShop jmsslider 1.6.0 is vulnerable to Incorrect Access Control via ajax_jmsslider.php.
9.8CVSS
9.3AI Score
0.001EPSS
PrestaShop jmspagebuilder 3.x is vulnerable to SQL Injection via ajax_jmspagebuilder.php.
9.8CVSS
9.8AI Score
0.001EPSS
In the module "Jms Setting" (jmssetting) from Joommasters for PrestaShop, a guest can perform SQL injection in versions <= 1.1.0. The method JmsSetting::getSecondImgs() has a sensitive SQL call that can be executed with a trivial http call and exploited to forge a blind SQL injection.
9.8CVSS
9.8AI Score
0.001EPSS