CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-45387
https://notcve.org/view.php?id=CVE-2023-45387
17 Nov 2023 — In the module "Product Catalog (CSV, Excel, XML) Export PRO" (exportproducts) in versions up to 5.0.0 from MyPrestaModules for PrestaShop, a guest can perform SQL injection via `exportProduct::_addDataToDb().` En el módulo "Product Catalog (CSV, Excel, XML) Export PRO" (exportproducts) en versiones hasta 5.0.0 de MyPrestaModules para PrestaShop, un invitado puede realizar una inyección SQL a través de `exportProduct::_addDataToDb().` • https://addons.prestashop.com/en/data-import-export/18662-product-catalog-csv-excel-xml-export-pro.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-46346
https://notcve.org/view.php?id=CVE-2023-46346
25 Oct 2023 — In the module "Product Catalog (CSV, Excel, XML) Export PRO" (exportproducts) in versions up to 4.1.1 from MyPrestaModules for PrestaShop, a guest can download personal information without restriction by performing a path traversal attack. Due to a lack of permissions control and a lack of control in the path name construction, a guest can perform a path traversal to view all files on the information system. En el módulo "Product Catalog (CSV, Excel, XML) Export PRO" (exportar productos) en versiones hasta ... • https://security.friendsofpresta.org/modules/2023/10/24/exportproducts.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •