Filtered by vendor Mypresta
Subscriptions
Total
5 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-46353 | 1 Mypresta | 1 Product Tag Icons Pro | 2024-11-26 | 9.8 Critical |
| In the module "Product Tag Icons Pro" (ticons) before 1.8.4 from MyPresta.eu for PrestaShop, a guest can perform SQL injection. The method TiconProduct::getTiconByProductAndTicon() has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection. | ||||
| CVE-2023-46351 | 1 Mypresta | 1 Manufacturers \(brands\) Images Block | 2024-11-21 | 9.8 Critical |
| In the module mib < 1.6.1 from MyPresta.eu for PrestaShop, a guest can perform SQL injection. The methods `mib::getManufacturersByCategory()` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection. | ||||
| CVE-2023-45386 | 1 Mypresta | 1 Product Extra Tabs Pro | 2024-11-21 | 9.8 Critical |
| In the module extratabspro before version 2.2.8 from MyPresta.eu for PrestaShop, a guest can perform SQL injection via `extratabspro::searchcategory()`, `extratabspro::searchproduct()` and `extratabspro::searchmanufacturer().' | ||||
| CVE-2021-40814 | 1 Mypresta | 1 Customer Photo Gallery | 2024-11-21 | 9.8 Critical |
| The Customer Photo Gallery addon before 2.9.4 for PrestaShop is vulnerable to SQL injection. | ||||
| CVE-2018-19355 | 2 Mypresta, Prestashop | 2 Customer Files Upload, Prestashop | 2024-11-21 | 9.8 Critical |
| modules/orderfiles/ajax/upload.php in the Customer Files Upload addon 2018-08-01 for PrestaShop (1.5 through 1.7) allows remote attackers to execute arbitrary code by uploading a php file via modules/orderfiles/upload.php with auptype equal to product (for upload destinations under modules/productfiles), order (for upload destinations under modules/files), or cart (for upload destinations under modules/cartfiles). | ||||
Page 1 of 1.