2 matches found
CVE-2014-2009
The CVE-2014-2009 entry concerns the mPAY24 payment module for PrestaShop prior to version 1.6. A vulnerability allows remote attackers to obtain credentials, installation path, and other sensitive information via a direct request to api/curllog.log. This is described as an information-disclosure...
CVE-2014-2008
Summary: CVE-2014-2008 is a SQL injection vulnerability in the mPAY24 PrestaShop payment module (prior to 1.6) where the TID parameter permits remote attackers to inject and execute arbitrary SQL commands. This can lead to information disclosure and potential data manipulation. Affected software:...