VYPR

Product Catalog (CSV, Excel) Export/Update

by MyPrestaModules

CVEs (5)

  • CVE-2024-25847CriMar 3, 2024
    risk 0.64cvss 9.8epss 0.01

    SQL Injection vulnerability in MyPrestaModules "Product Catalog (CSV, Excel) Import" (simpleimportproduct) modules for PrestaShop versions 6.5.0 and before, allows attackers to escalate privileges and obtain sensitive information via Send::__construct() and…

  • CVE-2023-46349CriNov 27, 2023
    risk 0.64cvss 9.8epss 0.01

    In the module "Product Catalog (CSV, Excel) Export/Update" (updateproducts) < 3.8.5 from MyPrestaModules for PrestaShop, a guest can perform SQL injection. The method `productsUpdateModel::getExportIds()` has sensitive SQL calls that can be executed with a trivial http call and…

  • CVE-2023-45387CriNov 17, 2023
    risk 0.64cvss 9.8epss 0.01

    In the module "Product Catalog (CSV, Excel, XML) Export PRO" (exportproducts) in versions up to 5.0.0 from MyPrestaModules for PrestaShop, a guest can perform SQL injection via `exportProduct::_addDataToDb().`

  • CVE-2024-25846CriFeb 27, 2024
    risk 0.59cvss 9.1epss 0.01

    In the module "Product Catalog (CSV, Excel) Import" (simpleimportproduct) <= 6.7.0 from MyPrestaModules for PrestaShop, a guest can upload files with extensions .php.

  • CVE-2023-46346HigOct 25, 2023
    risk 0.49cvss 7.5epss 0.01

    In the module "Product Catalog (CSV, Excel, XML) Export PRO" (exportproducts) in versions up to 4.1.1 from MyPrestaModules for PrestaShop, a guest can download personal information without restriction by performing a path traversal attack. Due to a lack of permissions control…