VYPR
Vendor

Promokit

Products
5
CVEs
5
Across products
6
Status
Private

Products

5

Recent CVEs

5
  • CVE-2024-36681CriJun 24, 2024
    risk 0.64cvss 9.8epss 0.01

    SQL Injection vulnerability in the module "Isotope" (pk_isotope) <=1.7.3 from Promokit.eu for PrestaShop allows attackers to obtain sensitive information and cause other impacts via `pk_isotope::saveData` and `pk_isotope::removeData` methods.

  • CVE-2024-36684CriJun 19, 2024
    risk 0.64cvss 9.8epss 0.00

    In the module "Custom links" (pk_customlinks) <= 2.3 from Promokit.eu for PrestaShop, a guest can perform SQL injection. The script ajax.php have a sensitive SQL call that can be executed with a trivial http call and exploited to forge a SQL injection.

  • CVE-2024-36678CriJun 19, 2024
    risk 0.64cvss 9.8epss 0.01

    In the module "Theme settings" (pk_themesettings) <= 1.8.8 from Promokit.eu for PrestaShop, a guest can perform SQL injection. The script ajax.php have a sensitive SQL call that can be executed with a trivial http call and exploited to forge a SQL injection.

  • CVE-2024-36680HigJun 19, 2024
    risk 0.50cvss 7.5epss 0.10

    In the module "Facebook" (pkfacebook) <=1.0.1 from Promokit.eu for PrestaShop, a guest can perform SQL injection. The ajax script facebookConnect.php have a sensitive SQL call that can be executed with a trivial http call and exploited to forge a SQL injection.

  • CVE-2024-36682HigJun 24, 2024
    risk 0.49cvss 7.5epss 0.00

    In the module "Theme settings" (pk_themesettings) <= 1.8.8 from Promokit.eu for PrestaShop, a guest can download all email collected while SHOP is in maintenance mode. Due to a lack of permissions control, a guest can access the txt file which collect email when maintenance is…