Lucene search

Joommasters Security Vulnerabilities

cve

CVE-2018-6581

SQL Injection exists in the JMS Music 1.1.1 component for Joomla! via a search with the keyword, artist, or username parameter.

9.8CVSS

9.7AI Score

0.003EPSS

2018-02-02 05:29 PM

cve

CVE-2023-27034

PrestaShop jmsblog 2.5.5 was discovered to contain a SQL injection vulnerability.

9.8CVSS

9.8AI Score

0.038EPSS

2023-03-23 10:15 PM

cve

CVE-2023-29630

PrestaShop jmsmegamenu 1.1.x and 2.0.x is vulnerable to SQL Injection via ajax_jmsmegamenu.php.

9.8CVSS

9.8AI Score

0.001EPSS

2023-06-05 09:15 PM

cve

CVE-2023-29631

PrestaShop jmsslider 1.6.0 is vulnerable to Incorrect Access Control via ajax_jmsslider.php.

9.8CVSS

9.3AI Score

0.001EPSS

2023-06-05 09:15 PM

cve

CVE-2023-29632

PrestaShop jmspagebuilder 3.x is vulnerable to SQL Injection via ajax_jmspagebuilder.php.

9.8CVSS

9.8AI Score

0.001EPSS

2023-06-06 08:15 PM

cve

CVE-2023-50030

In the module "Jms Setting" (jmssetting) from Joommasters for PrestaShop, a guest can perform SQL injection in versions <= 1.1.0. The method JmsSetting::getSecondImgs() has a sensitive SQL call that can be executed with a trivial http call and exploited to forge a blind SQL injection.

9.8CVSS

9.8AI Score

0.001EPSS

2024-01-19 02:15 PM