Page 135 of 5089 results (0.022 seconds)

CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0

SQL Injection vulnerability in Baizhuo Network Smart s200 Management Platform v.S200 allows a local attacker to obtain sensitive information and escalate privileges via the /importexport.php component. Vulnerabilidad de inyección SQL en Baizhuo Network Smart s200 Management Platform v.S200 permite a un atacante local obtener información confidencial y escalar privilegios a través del componente /importexport.php. • https://github.com/tldjgggg/cve/blob/main/sql.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0

An issue was discovered in Webbax "Super Newsletter" (supernewsletter) module for PrestaShop versions 1.4.21 and before, allows local attackers to escalate privileges and obtain sensitive information. • https://github.com/friends-of-presta/security-advisories/blob/main/_posts/2024-02-29-supernewsletter.md • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0

SQL Injection vulnerability in MyPrestaModules "Product Catalog (CSV, Excel) Import" (simpleimportproduct) modules for PrestaShop versions 6.5.0 and before, allows attackers to escalate privileges and obtain sensitive information via Send::__construct() and importProducts::_addDataToDb methods. • https://github.com/friends-of-presta/security-advisories/blob/main/_posts/2024-02-29-simpleimportproduct.md • CWE-269: Improper Privilege Management •

CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0

An issue was discovered in Tunis Soft "Product Designer" (productdesigner) module for PrestaShop before version 1.178.36, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via the postProcess() method. • https://github.com/friends-of-presta/security-advisories/blob/main/_posts/2024-02-29-productdesigner-502.md • CWE-502: Deserialization of Untrusted Data •

CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0

Path Traversal vulnerability in Tunis Soft "Product Designer" (productdesigner) module for PrestaShop before version 1.178.36, allows a remote attacker to escalate privileges and obtain sensitive information via the ajaxProcessCropImage() method. • https://github.com/friends-of-presta/security-advisories/blob/main/_posts/2024-02-29-productdesigner-22.md • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •