CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-50027
https://notcve.org/view.php?id=CVE-2023-50027
05 Jan 2024 — SQL Injection vulnerability in Buy Addons baproductzoommagnifier module for PrestaShop versions 1.0.16 and before, allows remote attackers to escalate privileges and gain sensitive information via BaproductzoommagnifierZoomModuleFrontController::run() method. Vulnerabilidad de inyección SQL en el módulo Buy Addons baproductzoommagnifier para PrestaShop versiones 1.0.16 y anteriores, permite a atacantes remotos escalar privilegios y obtener información confidencial a través del método BaproductzoommagnifierZ... • https://security.friendsofpresta.org/modules/2023/12/19/baproductzoommagnifier.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-48925
https://notcve.org/view.php?id=CVE-2023-48925
14 Dec 2023 — SQL injection vulnerability in Buy Addons bavideotab before version 1.0.6, allows attackers to escalate privileges and obtain sensitive information via the component BaVideoTabSaveVideoModuleFrontController::run(). Vulnerabilidad de inyección SQL en Buy Addons bavideotab anterior a la versión 1.0.6, permite a los atacantes escalar privilegios y obtener información confidencial a través del componente BaVideoTabSaveVideoModuleFrontController::run(). • https://security.friendsofpresta.org/modules/2023/12/07/bavideotab.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •