MyPrestaModules
Products
3- 2 CVEs
- 2 CVEs
- 1 CVE
Recent CVEs
5| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-39677 | 0.06 | — | 0.31 | Sep 20, 2023 | MyPrestaModules Prestashop Module v6.2.9 and UpdateProducts Prestashop Module v3.6.9 were discovered to contain a PHPInfo information disclosure vulnerability via send.php. | |||
| CVE-2024-28396 | 0.00 | — | 0.01 | Mar 20, 2024 | An issue in MyPrestaModules ordersexport v.6.0.2 and before allows a remote attacker to execute arbitrary code via the download.php component. | |||
| CVE-2024-25847 | 0.00 | — | 0.01 | Mar 3, 2024 | SQL Injection vulnerability in MyPrestaModules "Product Catalog (CSV, Excel) Import" (simpleimportproduct) modules for PrestaShop versions 6.5.0 and before, allows attackers to escalate privileges and obtain sensitive information via Send::__construct() and… | |||
| CVE-2024-25846 | 0.00 | — | 0.01 | Feb 27, 2024 | In the module "Product Catalog (CSV, Excel) Import" (simpleimportproduct) <= 6.7.0 from MyPrestaModules for PrestaShop, a guest can upload files with extensions .php. | |||
| CVE-2023-40923 | 0.00 | — | 0.01 | Nov 15, 2023 | MyPrestaModules ordersexport before v5.0 was discovered to contain multiple SQL injection vulnerabilities at send.php via the key and save_setting parameters. |
- CVE-2023-39677Sep 20, 2023risk 0.06cvss —epss 0.31
MyPrestaModules Prestashop Module v6.2.9 and UpdateProducts Prestashop Module v3.6.9 were discovered to contain a PHPInfo information disclosure vulnerability via send.php.
- CVE-2024-28396Mar 20, 2024risk 0.00cvss —epss 0.01
An issue in MyPrestaModules ordersexport v.6.0.2 and before allows a remote attacker to execute arbitrary code via the download.php component.
- CVE-2024-25847Mar 3, 2024risk 0.00cvss —epss 0.01
SQL Injection vulnerability in MyPrestaModules "Product Catalog (CSV, Excel) Import" (simpleimportproduct) modules for PrestaShop versions 6.5.0 and before, allows attackers to escalate privileges and obtain sensitive information via Send::__construct() and…
- CVE-2024-25846Feb 27, 2024risk 0.00cvss —epss 0.01
In the module "Product Catalog (CSV, Excel) Import" (simpleimportproduct) <= 6.7.0 from MyPrestaModules for PrestaShop, a guest can upload files with extensions .php.
- CVE-2023-40923Nov 15, 2023risk 0.00cvss —epss 0.01
MyPrestaModules ordersexport before v5.0 was discovered to contain multiple SQL injection vulnerabilities at send.php via the key and save_setting parameters.