VYPR
Vendor

FriendsOfPresta

Products
12
CVEs
12
Across products
12
Status
Private

Products

12

Recent CVEs

12
  • CVE-2024-36679CriJun 19, 2024
    risk 0.65cvss 10.0epss 0.01

    In the module "Module Live Chat Pro (All in One Messaging)" (livechatpro) <=8.4.0, a guest can perform PHP Code injection. Due to a predictable token, the method `Lcp::saveTranslations()` suffer of a white writer that can inject PHP code into a PHP file.

  • CVE-2024-34988CriJun 24, 2024
    risk 0.64cvss 9.8epss 0.00

    SQL injection vulnerability in the module "Complete for Create a Quote in Frontend + Backend Pro" (askforaquotemodul) <= 1.0.51 from Buy Addons for PrestaShop allows attackers to view sensitive information and cause other impacts via methods…

  • CVE-2024-33267CriApr 30, 2024
    risk 0.64cvss 9.8epss 0.01

    SQL Injection vulnerability in Hero hfheropayment v.1.2.5 and before allows an attacker to escalate privileges via the HfHeropaymentGatewayBackModuleFrontController::initContent() function.

  • CVE-2023-48925CriDec 14, 2023
    risk 0.64cvss 9.8epss 0.01

    SQL injection vulnerability in Buy Addons bavideotab before version 1.0.6, allows attackers to escalate privileges and obtain sensitive information via the component BaVideoTabSaveVideoModuleFrontController::run().

  • CVE-2023-46349CriNov 27, 2023
    risk 0.64cvss 9.8epss 0.01

    In the module "Product Catalog (CSV, Excel) Export/Update" (updateproducts) < 3.8.5 from MyPrestaModules for PrestaShop, a guest can perform SQL injection. The method `productsUpdateModel::getExportIds()` has sensitive SQL calls that can be executed with a trivial http call and…

  • CVE-2023-43139CriOct 31, 2023
    risk 0.64cvss 9.8epss 0.01

    An issue in franfinance before v.2.0.27 allows a remote attacker to execute arbitrary code via the validation.php, and controllers/front/validation.php components.

  • CVE-2023-40923HigNov 15, 2023
    risk 0.57cvss 8.8epss 0.01

    MyPrestaModules ordersexport before v5.0 was discovered to contain multiple SQL injection vulnerabilities at send.php via the key and save_setting parameters.

  • CVE-2023-33664HigJul 7, 2023
    risk 0.57cvss 8.8epss 0.01

    ai-dev aicombinationsonfly before v0.3.1 was discovered to contain a SQL injection vulnerability via the component /includes/ajax.php.

  • CVE-2023-24763HigMar 6, 2023
    risk 0.57cvss 8.8epss 0.01

    In the module "Xen Forum" (xenforum) for PrestaShop, an authenticated user can perform SQL injection in versions up to 2.13.0.

  • CVE-2024-34991HigJun 24, 2024
    risk 0.49cvss 7.5epss 0.00

    In the module "Axepta" (axepta) before 1.3.4 from Quadra Informatique for PrestaShop, a guest can download partial credit card information (expiry date) / postal address / email / etc. without restriction due to a lack of permissions control.

  • CVE-2023-45385HigApr 30, 2024
    risk 0.49cvss 7.5epss 0.01

    ProQuality pqprintshippinglabels before v.4.15.0 is vulnerable to Directory Traversal via the pqprintshippinglabels module.

  • CVE-2023-47309MedNov 15, 2023
    risk 0.35cvss 5.4epss 0.00

    Nukium nkmgls before version 3.0.2 is vulnerable to Cross Site Scripting (XSS) via NkmGlsCheckoutModuleFrontController::displayAjaxSavePhoneMobile.