Friends Of Presta
Products
5- 4 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
Recent CVEs
8| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-27034 | Cri | 0.68 | 9.8 | 0.59 | Mar 23, 2023 | PrestaShop jmsblog 2.5.5 was discovered to contain a SQL injection vulnerability. | ||
| CVE-2023-30194 | Cri | 0.66 | 9.8 | 0.32 | May 10, 2023 | Prestashop posstaticfooter <= 1.0.0 is vulnerable to SQL Injection via posstaticfooter::getPosCurrentHook(). | ||
| CVE-2024-34990 | Cri | 0.65 | 10.0 | 0.01 | Jun 19, 2024 | In the module "Help Desk - Customer Support Management System" (helpdesk) up to version 2.4.0 from FME Modules for PrestaShop, a customer can upload .php files. Methods `HelpdeskHelpdeskModuleFrontController::submitTicket()` and `HelpdeskHelpdeskModuleFrontController::replyTicket… | ||
| CVE-2024-34994 | Cri | 0.64 | 9.8 | 0.00 | Jun 19, 2024 | In the module "Channable" (channable) up to version 3.2.1 from Channable for PrestaShop, a guest can perform SQL injection via `ChannableFeedModuleFrontController::postProcess()`. | ||
| CVE-2024-33836 | Cri | 0.64 | 9.8 | 0.00 | Jun 19, 2024 | In the module "JA Marketplace" (jamarketplace) up to version 9.0.1 from JA Module for PrestaShop, a guest can upload files with extensions .php. In version 6.X, the method `JmarketplaceproductModuleFrontController::init()` and in version 8.X, the method… | ||
| CVE-2023-27847 | Cri | 0.64 | 9.8 | 0.05 | Mar 27, 2023 | SQL injection vulnerability found in PrestaShop xipblog v.2.0.1 and before allow a remote attacker to gain privileges via the xipcategoryclass and xippostsclass components. | ||
| CVE-2023-26864 | Cri | 0.64 | 9.8 | 0.01 | Mar 24, 2023 | SQL injection vulnerability found in PrestaShop smplredirectionsmanager v.1.1.19 and before allow a remote attacker to gain privileges via the SmplTools::getMatchingRedirectionsFromPartscomponent. | ||
| CVE-2024-34993 | Med | 0.41 | 6.3 | 0.00 | Jun 19, 2024 | In the module "Bulk Export products to Google Merchant-Google Shopping" (bagoogleshopping) up to version 1.0.26 from Buy Addons for PrestaShop, a guest can perform SQL injection via`GenerateCategories::renderCategories(). |
- risk 0.68cvss 9.8epss 0.59
PrestaShop jmsblog 2.5.5 was discovered to contain a SQL injection vulnerability.
- risk 0.66cvss 9.8epss 0.32
Prestashop posstaticfooter <= 1.0.0 is vulnerable to SQL Injection via posstaticfooter::getPosCurrentHook().
- risk 0.65cvss 10.0epss 0.01
In the module "Help Desk - Customer Support Management System" (helpdesk) up to version 2.4.0 from FME Modules for PrestaShop, a customer can upload .php files. Methods `HelpdeskHelpdeskModuleFrontController::submitTicket()` and `HelpdeskHelpdeskModuleFrontController::replyTicket…
- risk 0.64cvss 9.8epss 0.00
In the module "Channable" (channable) up to version 3.2.1 from Channable for PrestaShop, a guest can perform SQL injection via `ChannableFeedModuleFrontController::postProcess()`.
- risk 0.64cvss 9.8epss 0.00
In the module "JA Marketplace" (jamarketplace) up to version 9.0.1 from JA Module for PrestaShop, a guest can upload files with extensions .php. In version 6.X, the method `JmarketplaceproductModuleFrontController::init()` and in version 8.X, the method…
- risk 0.64cvss 9.8epss 0.05
SQL injection vulnerability found in PrestaShop xipblog v.2.0.1 and before allow a remote attacker to gain privileges via the xipcategoryclass and xippostsclass components.
- risk 0.64cvss 9.8epss 0.01
SQL injection vulnerability found in PrestaShop smplredirectionsmanager v.1.1.19 and before allow a remote attacker to gain privileges via the SmplTools::getMatchingRedirectionsFromPartscomponent.
- risk 0.41cvss 6.3epss 0.00
In the module "Bulk Export products to Google Merchant-Google Shopping" (bagoogleshopping) up to version 1.0.26 from Buy Addons for PrestaShop, a guest can perform SQL injection via`GenerateCategories::renderCategories().