In the module "Jms Setting" (jmssetting) from Joommasters for PrestaShop, a guest can perform SQL injection in versions <= 1.1.0. The method JmsSetting::getSecondImgs() has a sensitive SQL call that can be executed with a trivial http call and exploited to forge a blind SQL...
9.8CVSS
9.8AI Score
0.001EPSS
9.8CVSS
9.3AI Score
0.001EPSS
9.8CVSS
9.8AI Score
0.001EPSS
9.8CVSS
9.8AI Score
0.001EPSS
9.8CVSS
9.8AI Score
0.014EPSS
SQL Injection exists in the JMS Music 1.1.1 component for Joomla! via a search with the keyword, artist, or username...
9.8CVSS
9.7AI Score
0.003EPSS