CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33275
https://notcve.org/view.php?id=CVE-2024-33275
30 Apr 2024 — SQL injection vulnerability in Webbax supernewsletter v.1.4.21 and before allows a remote attacker to escalate privileges via the Super Newsletter module in the product_search.php components. Vulnerabilidad de inyección SQL en Webbax supernewsletter v.1.4.21 y anteriores permite a un atacante remoto escalar privilegios a través del módulo Super Newsletter en los componentes product_search.php. • https://security.friendsofpresta.org/modules/2024/04/29/supernewsletter.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-25839
https://notcve.org/view.php?id=CVE-2024-25839
03 Mar 2024 — An issue was discovered in Webbax "Super Newsletter" (supernewsletter) module for PrestaShop versions 1.4.21 and before, allows local attackers to escalate privileges and obtain sensitive information. • https://github.com/friends-of-presta/security-advisories/blob/main/_posts/2024-02-29-supernewsletter.md • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •