CVE-2024-33275
https://notcve.org/view.php?id=CVE-2024-33275
30 Apr 2024 — SQL injection vulnerability in Webbax supernewsletter v.1.4.21 and before allows a remote attacker to escalate privileges via the Super Newsletter module in the product_search.php components. • https://security.friendsofpresta.org/modules/2024/04/29/supernewsletter.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-25839
https://notcve.org/view.php?id=CVE-2024-25839
03 Mar 2024 — An issue in the Webbax "Super Newsletter" (supernewsletter) module for PrestaShop, versions 1.4.21 and before, allows local attackers to escalate privileges and obtain sensitive information. • https://github.com/friends-of-presta/security-advisories/blob/main/_posts/2024-02-29-supernewsletter.md • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-31671
https://notcve.org/view.php?id=CVE-2023-31671
14 Jun 2023 — PrestaShop postfinance <= 17.1.13 is vulnerable to SQL Injection via PostfinanceValidationModuleFrontController::postProcess(). • https://friends-of-presta.github.io/security-advisories/modules/2023/06/13/postfinance.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-30198 – PrestaShop Winbiz Payment module - Improper Limitation of a Pathname to a Restricted Directory
https://notcve.org/view.php?id=CVE-2023-30198
12 Jun 2023 — PrestaShop winbizpayment <= 1.0.2 is vulnerable to Incorrect Access Control via modules/winbizpayment/downloads/download.php. • https://www.exploit-db.com/exploits/51545 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2023-3031 – PrestaShop module King-Avis - Path traversal
https://notcve.org/view.php?id=CVE-2023-3031
02 Jun 2023 — Improper Limitation of a Pathname leads to a Path Traversal vulnerability in the module King-Avis for PrestaShop, allowing a user who knows the download token to read arbitrary local files. This issue affects King-Avis: before 17.3.15. • https://borelenzo.github.io/stuff/2023/06/01/cve-2023-3031.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2023-30197
https://notcve.org/view.php?id=CVE-2023-30197
31 May 2023 — Incorrect Access Control in the module "My inventory" (myinventory) <= 1.6.6 from Webbax for PrestaShop allows a guest to download personal information without restriction by performing a path traversal attack. • https://friends-of-presta.github.io/security-advisories/modules/2023/05/30/myinventory.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2023-30196
https://notcve.org/view.php?id=CVE-2023-30196
30 May 2023 — PrestaShop salesbooster <= 1.10.4 is vulnerable to Incorrect Access Control via modules/salesbooster/downloads/download.php. • https://friends-of-presta.github.io/security-advisories/modules/2023/05/22/salesbooster.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2023-30199
https://notcve.org/view.php?id=CVE-2023-30199
19 May 2023 — PrestaShop customexporter <= 1.7.20 is vulnerable to Incorrect Access Control via modules/customexporter/downloads/download.php. • https://friends-of-presta.github.io/security-advisories/modules/2023/05/16/customexporter.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')