CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-46350
https://notcve.org/view.php?id=CVE-2023-46350
SQL injection vulnerability in InnovaDeluxe "Manufacturer or supplier alphabetical search" (idxrmanufacturer) module for PrestaShop versions 2.0.4 and before, allows remote attackers to escalate privileges and obtain sensitive information via the methods IdxrmanufacturerFunctions::getCornersLink, IdxrmanufacturerFunctions::getManufacturersLike and IdxrmanufacturerFunctions::getSuppliersLike. • https://security.friendsofpresta.org/modules/2024/02/08/idxrmanufacturer.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-24308
https://notcve.org/view.php?id=CVE-2024-24308
SQL Injection vulnerability in Boostmyshop (boostmyshopagent) module for Prestashop versions 1.1.9 and before, allows remote attackers to escalate privileges and obtain sensitive information via changeOrderCarrier.php, relayPoint.php, and shippingConfirmation.php. • https://security.friendsofpresta.org/modules/2024/02/08/boostmyshopagent.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-50026
https://notcve.org/view.php?id=CVE-2023-50026
SQL injection vulnerability in Presta Monster "Multi Accessories Pro" (hsmultiaccessoriespro) module for PrestaShop versions 5.1.1 and before, allows remote attackers to escalate privileges and obtain sensitive information via the method HsAccessoriesGroupProductAbstract::getAccessoriesByIdProducts(). • https://security.friendsofpresta.org/modules/2024/02/08/hsmultiaccessoriespro.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-24821 – Code execution and possible privilege escalation via compromised InstalledVersions.php or installed.php in Composer
https://notcve.org/view.php?id=CVE-2024-24821
As such, under certain conditions arbitrary code execution may lead to local privilege escalation, provide lateral user movement or malicious code execution when Composer is invoked within a directory with tampered files. ... Where not possible, the following should be addressed: Remove all sudo composer privileges for all users to mitigate root privilege escalation, and avoid running Composer within an untrusted directory, or if needed, verify that the contents of `vendor/composer/InstalledVersions.php` and `vendor/composer/installed.php` do not include untrusted code. • https://github.com/composer/composer/commit/64e4eb356b159a30c766cd1ea83450a38dc23bf5 https://github.com/composer/composer/security/advisories/GHSA-7c6p-848j-wh5h • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-22795
https://notcve.org/view.php?id=CVE-2024-22795
Insecure Permissions vulnerability in Forescout SecureConnector v.11.3.06.0063 allows a local attacker to escalate privileges via the Recheck Compliance Status component. • https://gist.github.com/Hagrid29/aea0dc35a1e87813dbbb7b317853d023 https://github.com/Hagrid29/ForeScout-SecureConnector-EoP https://www.forescout.com • CWE-269: Improper Privilege Management •