CVE-2023-43983
https://notcve.org/view.php?id=CVE-2023-43983
Presto Changeo attributegrid up to 2.0.3 was discovered to contain a SQL injection vulnerability via the component disable_json.php. • https://security.friendsofpresta.org/modules/2023/10/03/attributegrid.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-43981
https://notcve.org/view.php?id=CVE-2023-43981
Presto Changeo testsitecreator up to 1.1.1 was discovered to contain a deserialization vulnerability via the component delete_excluded_folder.php. • https://security.friendsofpresta.org/modules/2023/10/03/testsitecreator.html • CWE-502: Deserialization of Untrusted Data
CVE-2023-43980
https://notcve.org/view.php?id=CVE-2023-43980
Presto Changeo testsitecreator up to v1.1.1 was discovered to contain a SQL injection vulnerability via the component disable_json.php. Presto Changeo testsitecreator up to v1.1.1 was discovered to contain a SQL injection vulnerability via the component enable_json.php. • https://security.friendsofpresta.org/modules/2023/09/28/testsitecreator-89.html • https://www.presto-changeo.com/prestashop/home/158-test-site-creator.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2012-5799
https://notcve.org/view.php?id=CVE-2012-5799
The Canada Post (aka CanadaPost) module in PrestaShop does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the PHP fsockopen function. • http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf • CWE-20: Improper Input Validation