CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-25839
https://notcve.org/view.php?id=CVE-2024-25839
An issue was discovered in Webbax "Super Newsletter" (supernewsletter) module for PrestaShop versions 1.4.21 and before, allows local attackers to escalate privileges and obtain sensitive information. • https://github.com/friends-of-presta/security-advisories/blob/main/_posts/2024-02-29-supernewsletter.md • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-25847
https://notcve.org/view.php?id=CVE-2024-25847
SQL Injection vulnerability in MyPrestaModules "Product Catalog (CSV, Excel) Import" (simpleimportproduct) modules for PrestaShop versions 6.5.0 and before, allows attackers to escalate privileges and obtain sensitive information via Send::__construct() and importProducts::_addDataToDb methods. • https://github.com/friends-of-presta/security-advisories/blob/main/_posts/2024-02-29-simpleimportproduct.md • CWE-269: Improper Privilege Management •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-24302
https://notcve.org/view.php?id=CVE-2024-24302
An issue was discovered in Tunis Soft "Product Designer" (productdesigner) module for PrestaShop before version 1.178.36, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via the postProcess() method. • https://github.com/friends-of-presta/security-advisories/blob/main/_posts/2024-02-29-productdesigner-502.md • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-24307
https://notcve.org/view.php?id=CVE-2024-24307
Path Traversal vulnerability in Tunis Soft "Product Designer" (productdesigner) module for PrestaShop before version 1.178.36, allows a remote attacker to escalate privileges and obtain sensitive information via the ajaxProcessCropImage() method. • https://github.com/friends-of-presta/security-advisories/blob/main/_posts/2024-02-29-productdesigner-22.md • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: -EPSS: 0%CPEs: -EXPL: 0CVE-2024-25844
https://notcve.org/view.php?id=CVE-2024-25844
An issue was discovered in Common-Services "So Flexibilite" (soflexibilite) module for PrestaShop before version 4.1.26, allows remote attackers to escalate privileges and obtain sensitive information via debug file. • https://github.com/friends-of-presta/security-advisories/blob/main/_posts/2024-02-29-soflexibilite.md •